Accepted cacti 1.2.16+ds1-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Jan 2021 21:26:01 +0100
Source: cacti
Architecture: source
Version: 1.2.16+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 979998
Changes:
cacti (1.2.16+ds1-2) unstable; urgency=medium
.
* Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
- CVE-2020-35701: SQL injection via data_debug.php
* Add 0001-Fixing-Issue-4019.patch
There are a few places in the current code where an attacker, once
having gained access to the Cacti database through a SQL injection,
could modify data in tables to possibly expose an stored XSS bug in
Cacti.
Checksums-Sha1:
876a9f1bcc8ddd6f48069b3263bd7de2f33352dd 2237 cacti_1.2.16+ds1-2.dsc
f93bbcca5567c1196578939352dc17f0e63e15fd 56760 cacti_1.2.16+ds1-2.debian.tar.xz
Checksums-Sha256:
f04c0e6982ed1194c865404d92bfa965a4d9370ed2bda977b7d082ac9036171f 2237 cacti_1.2.16+ds1-2.dsc
4a63d4c0fd6e48571fc4b93659f61210c73959ad6fd1767fec39dc611d738782 56760 cacti_1.2.16+ds1-2.debian.tar.xz
Files:
17457cbcc9f09003cd89ab571c30b704 2237 web optional cacti_1.2.16+ds1-2.dsc
829232c329cdadd3606f9efcad2cbd4c 56760 web optional cacti_1.2.16+ds1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAmAEp2EACgkQnFyZ6wW9
dQq9Uwf9H3QLwN5rWz6dw7bF9EvApXgfxNEzD9UTs/t80Xux+/qYkJxto/EuDZzO
Jp0SIa9RrMWwIrqwh04KenOWau3rm3WAxlfZ7QkzNoidjVer0ChK+Y6alPYg1h3z
L1W38DytF5uS9HFg27VdlGuyGQXZYjdzJGU1LhKySzqChzzqWla6UuybKsnrw+6S
c90x2Bn8xY/i7L6hv+5y0Os3GkHIwiFSPPnBt+Ddd+6jpW1wzbXmRK+TSx5CSdrH
hLa666SjmEkB8CoeFJrNwsQRpLthV8r+2BAf51QU0g3NGva/r7u4BnnSFKlwqAyP
OiN4FAsyzqGIj2/qGG7BH7YVUaL3Ag==
=63eg
-----END PGP SIGNATURE-----
Reply to: