Hi all, Just in case somebody starts working on it, I'd like to review proposed uploads of cacti to LTS. CVE-2016-2313 was initially wrongly fixed (a sledgehammer for a simple nail). CVE-2016-3659 still needs reproducing in Debian and a check if the fix by a contributer in the upstream bug report is causing other damage. The third CVE has a trivial patch. Paul ps: see d-private.
Description: OpenPGP digital signature