Hi Chris, On 15-12-15 15:11, Chris Lamb wrote: >>> Just to clarify what's needed here - are you part of Debian LTS? >> >> What a difficult question to answer straight. Yes and no. Yes, I lurk on >> this e-mail list, yes, I have the intention to take care of "my" own >> packages as said multiple times on this list. > > Oh, I didn't mean to put you in a difficult position - am fairly > "new" so haven't seen you on the list before. I also didn't mean to > imply anything negative, I just didn't want either of us to do > unnecessary duplicated work. :) No worries. >> So, if you can check and test my debdiff you can upload and announce if >> you are satisfied with it > Looks good, at least by eye. However, Buxy pointed me towards a > supplementary CVE-2015-8377 > (http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt) > - we should probably test and upload these at the same time. Yes, but no fix exist yet that I am aware of. I don't have the time to investigate myself on the short term. Paul
Attachment:
signature.asc
Description: OpenPGP digital signature