Re: cacti CVE-2017-1000031
On Fri, Jul 21, 2017 at 10:02:37AM +0200, Guido Günther wrote:
> Hi security team,
> I looked at CVE-2017-1000031 yesterday. After failing to exploit it
> via a SQL injection getting "validation errors". I then contacted the
> maintainer Paul Gevers and he replied promptly that this looks like a
> duplicate of CVE-2014-4002. Do you agree that this can be marked as
> not affecting Wheezy (and therefore not Jessie since it has the same
> source in this area)?
Not yet please, and in particular not not-affected but rahter should
be REJECTED if this is the case.
We contacted Paul, some days ago regarding this, and yes there is some
indication that it might be a duplicate of CVE-2014-4002. Still to be