Hi Chris, On 04-01-16 13:20, Chris Lamb wrote: > cacti (0.8.7g-1+squeeze9+deb6u13) squeeze-lts; urgency=high > . > * Correct yet another regression in patch for CVE-2015-8369, introduced in > 0.8.7g-1+squeeze9+deb6u12. Thanks to Marcel Meckel <debian@thermoman.de> > (Closes: #809260, #807599) Apart from your weird continuation of the squeeze version numbers ;), thanks a lot for the cacti updates in lts. Would you mind sharing your fix for CVE-2015-8377 also with the rest of the world, i.e. add a patch to the cacti bug tracker (be it in but 2652¹ if it really is the same, or in a new bug if bug 2652 is not the same and not fixed by your patch)? To be honest, I would have expected you would have shared your fix somewhere, e.g. also in a regular bug against cacti such that the (old)stable releases could more easily see/use the patch. The patch looks extremely simple. Could you help me by telling how you tested the patch? Paul ¹ http://bugs.cacti.net/view.php?id=2652
Attachment:
signature.asc
Description: OpenPGP digital signature