Your message dated Wed, 25 Jun 2014 21:34:24 +0000 with message-id <e1wzupk-0005d1...@franck.debian.org> and subject line Bug#752573: fixed in cacti 0.8.8b+dfsg-6 has caused the Debian Bug report #752573, regarding cacti: CVE-2014-4002 Cross-Site Scripting Vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 752573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752573 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: cacti Version: 0.8.8b+dfsg-5 Severity: grave Tags: security patch upstream pending Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cacti upstream's svn [1] has a fix for CVE-2014-4002. I couldn't find any information yet elsewhere. I can only guess that also the change before this revision is also involved [2]. I will add this to my current update for cacti (in progress). [1] http://svn.cacti.net/viewvc?view=rev&revision=7452 [2] http://svn.cacti.net/viewvc?view=rev&revision=7451 - -- System Information: Debian Release: 7.5 APT prefers stable APT policy: (500, 'stable'), (99, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages cacti depends on: ii dbconfig-common 1.8.47+nmu1 ii debconf [debconf-2.0] 1.5.49 ii libapache2-mod-php5 5.4.4-14+deb7u11 ii libphp-adodb 5.15-1 ii mysql-client-5.5 [virtual-mysql-client] 5.5.37-0+wheezy1 ii perl 5.14.2-21+deb7u1 ii php5-cli 5.4.4-14+deb7u11 ii php5-mysql 5.4.4-14+deb7u11 ii php5-snmp 5.4.4-14+deb7u11 ii rrdtool 1.4.7-2 ii snmp 5.4.3~dfsg-2.8 ii ucf 3.0025+nmu3 Versions of packages cacti recommends: ii apache2-mpm-prefork [httpd] 2.2.22-13+deb7u1 ii iputils-ping 3:20101006-1+b1 ii libjs-jquery 1.7.2+dfsg-1 ii libjs-jquery-cookie 9-1 ii lighttpd [httpd] 1.4.31-4+deb7u3 ii logrotate 3.8.1-4 ii mysql-server 5.5.37-0+wheezy1 Versions of packages cacti suggests: ii moreutils 0.47 pn php5-ldap <none> - -- debconf information excluded -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTqdeoAAoJEJxcmesFvXUKfCsH+waGVLE0MhVourtuswP5Dzmb XNiDG22yZWv2n8l118vK8+5pmY2UsZGDuIOA7vME611flPUa2QhAKuXd9Y4znlg5 LFeMLJ2mSPdSr+YGqly1ToA9iMiYHh44mZIDCiXBdn7wpP1NBkAToZyvN2Etze89 lVfWkTTbWpkU5T3IQLqhZ8reRHWvfex4msjNNfjB+Y4gphd5MTm+tHh+8/YA59LG /L+Dgr25dEMDJG0v47wGqQ9ACRtL5ZtoOzY4R8HY3FO1xY0QIO6qh9ICSG/8O3eb ip8/tNynGcHfGLXVJiRzbxxHnnihwKacKp5gmrgDPmmZhmGduFTy9m3gsEEGdL4= =rPL2 -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: cacti Source-Version: 0.8.8b+dfsg-6 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 752...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Gevers <elb...@debian.org> (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 25 Jun 2014 22:33:53 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.8b+dfsg-6 Distribution: unstable Urgency: high Maintainer: Cacti Maintainer <pkg-cacti-ma...@lists.alioth.debian.org> Changed-By: Paul Gevers <elb...@debian.org> Description: cacti - web interface for graphing of monitoring systems Closes: 742768 744067 752573 Changes: cacti (0.8.8b+dfsg-6) unstable; urgency=high . * Add alternative php5-mysql | php5-mysqlnd (Closes: #744067) * Security update (Closes: #742768, #752573) - CVE-2014-2327 Cross Site Request Forgery Vulnerability - CVE-2014-4002 Cross-Site Scripting Vulnerability Checksums-Sha1: cb0087d5f3770dea819440882c268c754ae0f0e3 1655 cacti_0.8.8b+dfsg-6.dsc 5a34a582d9c8677518a33234a4ad1ac8024ee61a 103284 cacti_0.8.8b+dfsg-6.debian.tar.xz 7b62b650d11502daed7091fbd7985634bfd59f54 1892594 cacti_0.8.8b+dfsg-6_all.deb Checksums-Sha256: f72c1022c8497784322e9bb3db94bff0f72ddbe2f38acfbc9f894236741a86d4 1655 cacti_0.8.8b+dfsg-6.dsc 18433ea70e341eff55c005ff1796018f546fa53ed1159e2cd69ec1c9a96168ec 103284 cacti_0.8.8b+dfsg-6.debian.tar.xz ab5ab0a70f308814acb5f2fdb3b32e398e47567e005065d9fd3d60748470a7aa 1892594 cacti_0.8.8b+dfsg-6_all.deb Files: 0aa31425f144e81ad972e6ec0aff7d9f 1892594 web extra cacti_0.8.8b+dfsg-6_all.deb 6de034dfcb0d7ecf5e6978bf61d9b45c 1655 web extra cacti_0.8.8b+dfsg-6.dsc c06386ec36c90e07234da262dc2136e4 103284 web extra cacti_0.8.8b+dfsg-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTqzRsAAoJEJxcmesFvXUKseAIAKKzrFxl91WYCof/mF8pxeD9 OjOumQOUH/BSNDfsgou3Vk/hVsiMOZroSaEuTYDznfJPa1ajkFENHL5AySAD44xK sdlHBlpDkp/KexgKBBV+2zxdokjk7BZrfVtJowEkfbVhTOErK+KnUhXmj3sK4tvi sCQQQS4QNL8iRHVnMKuOQge3YKLiM9uWyA/fjS3LRqNCdNasvknWk2r+9xLBx4uK wdmeYubm3oCjc+zWmq9RrhYIYTw0RKyXzk3EqPJHcsGeqsnIk6uYtYch014SRune 3XJWYF3Zj6cShJtFkwyEz/GxesSBs7E5ec/BduJKPzJqb8q24MzYsOtD7jH1AR0= =2G1F -----END PGP SIGNATURE-----
--- End Message ---
