Hi Salvatore, Paul,
I had a look at this issue in jessie, stretch and buster. I concluded that
jessie and stretch are not affected. I have reproduced the issue in buster.
# Quick breakdown:
Graphs are retrieved using rrdtool_function_graph() from lib/rrd.php; this
is true for jessie onwards.
rr
Hi Paul,
On Sat, Sep 28, 2019 at 11:03:48PM +0200, Paul Gevers wrote:
> Hi Salvatore,
>
> On 28-09-2019 23:41, Salvatore Bonaccorso wrote:
> >> So I believe the affected code was only introduced then.
> >
> > I tried to get an idea here, but still I'm not sure 100%. Isn't for
> > instance the is
Hi Salvatore,
On 28-09-2019 23:41, Salvatore Bonaccorso wrote:
>> So I believe the affected code was only introduced then.
>
> I tried to get an idea here, but still I'm not sure 100%. Isn't for
> instance the is_graph_allowed check missing in e.g. graph_xport.php,
> so before accessing the graph
Hi Paul,
On Tue, Sep 24, 2019 at 09:02:58PM +0200, Paul Gevers wrote:
> Hi,
>
> Although not 100% sure yet, I seriously doubt that old stable is
> affected as version 1.0.0 has this:
>
> -feature: New Graph Permissions system designed to make permissions
> simple to manage
>
> So I believe the
Hi,
Although not 100% sure yet, I seriously doubt that old stable is
affected as version 1.0.0 has this:
-feature: New Graph Permissions system designed to make permissions
simple to manage
So I believe the affected code was only introduced then.
Paul
Hi,
On Tue, Sep 24, 2019 at 08:43:46PM +0200, Paul Gevers wrote:
> Hi,
>
> On 24-09-2019 05:58, Salvatore Bonaccorso wrote:
> > Hi Paul,
> >
> > On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote:
> >> Hi Salvatore,
> >>
> >> Thanks for your report.
> >>
> >> On 23-09-2019 22:20, Salvat
Hi,
On 24-09-2019 05:58, Salvatore Bonaccorso wrote:
> Hi Paul,
>
> On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote:
>> Hi Salvatore,
>>
>> Thanks for your report.
>>
>> On 23-09-2019 22:20, Salvatore Bonaccorso wrote:
>>> The following vulnerability was published for cacti, filing f
Hi Paul,
On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote:
> Hi Salvatore,
>
> Thanks for your report.
>
> On 23-09-2019 22:20, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for cacti, filing for
> > tracking the upstream issue. At time of writing, I think
Hi Salvatore,
Thanks for your report.
On 23-09-2019 22:20, Salvatore Bonaccorso wrote:
> The following vulnerability was published for cacti, filing for
> tracking the upstream issue. At time of writing, I think there was not
> a patch upstream yet.
I think there is:
https://github.com/Cacti/ca
Source: cacti
Version: 1.2.6+ds1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Cacti/cacti/issues/2964
Hi,
The following vulnerability was published for cacti, filing for
tracking the upstream issue. At time of writing, I think there was not
a patch upstream yet.
C