Re: CVE-2016-2313 fix wrong

To: debian-lts@lists.debian.org
Subject: Re: CVE-2016-2313 fix wrong
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
Date: Thu, 28 Jul 2016 14:59:09 +0200
Message-id: <[🔎] 20160728125909.GB32529@fantomas.sk>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <[🔎] d546132f-a748-5535-353c-6ca83021421d@debian.org>
References: <[🔎] 20160728113542.GA32529@fantomas.sk> <[🔎] d546132f-a748-5535-353c-6ca83021421d@debian.org>

On 28/07/16 13:35, Matus UHLAR - fantomas wrote:

i believe the fix for CVE-2016-2313 in
CVE-2016-2313-authentication-bypass.patch is invalid.


On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:

Thanks for the report. I'll look at it later today.


I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
and attached patch
http://bugs.cacti.net/file_download.php?file_id=1229&type=bug

that should fix the issue. The patch is to be applied to "fixed" version
in debian

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

Reply to:

Follow-Ups:
- Re: CVE-2016-2313 fix wrong
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

References:
- CVE-2016-2313 fix wrong
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
- Re: CVE-2016-2313 fix wrong
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: CVE-2016-2313 fix wrong
Next by Date: Re: Wheezy update of collectd?
Previous by thread: Re: CVE-2016-2313 fix wrong
Next by thread: Re: CVE-2016-2313 fix wrong
Index(es):
- Date
- Thread