cacti CVE-2017-1000031

To: team@security.debian.org
Cc: debian-lts@lists.debian.org
Subject: cacti CVE-2017-1000031
From: Guido Günther <agx@sigxcpu.org>
Date: Fri, 21 Jul 2017 10:02:37 +0200
Message-id: <[🔎] 20170721080237.vjaznfycldjgpsan@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, team@security.debian.org, debian-lts@lists.debian.org

Hi security team,
I looked at CVE-2017-1000031 yesterday. After failing to exploit it
via a SQL injection getting "validation errors". I then contacted the
maintainer Paul Gevers and he replied promptly that this looks like a
duplicate of CVE-2014-4002. Do you agree that this can be marked as
not affecting Wheezy (and therefore not Jessie since it has the same
source in this area)?
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Re: cacti CVE-2017-1000031
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: help needed to complete regression fix for apache2 Bug#858373
Next by Date: Re: cacti CVE-2017-1000031
Previous by thread: Re: Wheezy update of freeradius?
Next by thread: Re: cacti CVE-2017-1000031
Index(es):
- Date
- Thread