[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2016-2313 fix wrong

On 28/07/16 14:59, Matus UHLAR - fantomas wrote:
>> On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
>>> i believe the fix for CVE-2016-2313 in
>>> CVE-2016-2313-authentication-bypass.patch is invalid.
> On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
>> Thanks for the report. I'll look at it later today.
> I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
> and attached patch
> http://bugs.cacti.net/file_download.php?file_id=1229&type=bug
> that should fix the issue. The patch is to be applied to "fixed" version
> in debian

The patch looks sensible to me, but I'd like to give upstream a few days to comment.

BTW you may want to send a pull request at https://github.com/Cacti/cacti


Reply to: