[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2016-2313 fix wrong

On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
i believe the fix for CVE-2016-2313 in
CVE-2016-2313-authentication-bypass.patch is invalid.

On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
Thanks for the report. I'll look at it later today.

I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
and attached patch

that should fix the issue. The patch is to be applied to "fixed" version
in debian

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

Reply to: