Bug#720454: [Pkg-graphite-maint] Bug#720454: Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

Hello, > Thanks for the quick reaction on this bugreport! Btw, it might make > sense to straight update to the newest upstream version for this, as > graphite-web is only in jessie and sid, and the new upstream version > fixes also other fixes for cross-site scripting vulnerabilities. I will pack

Bug#720454: [Pkg-graphite-maint] Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

Hi Jonas, Hi Mathieu On Thu, Aug 22, 2013 at 10:05:59AM +0200, Jonas Genannt wrote: > I have added the patch to fix a security problem in graphite-web. It's > available in git. Could you please upload graphite-web to unstable? Thanks for the quick reaction on this bugreport! Btw, it might make se

Bug#720454: [Pkg-graphite-maint] Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

Hello Mathieu, I have added the patch to fix a security problem in graphite-web. It's available in git. Could you please upload graphite-web to unstable? Thanks, Jonas > CVE-2013-5093[0]: > Graphite remote code execution > > See the advisory in [1] and there are either patch[2] for 0.

Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

Package: graphite-web Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for graphite-web. CVE-2013-5093[0]: Graphite remote code execution See the advisory in [1] and there are either patch[2] for 0.9.10 or updating to 0.9.11/0.9.12 (whic