[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 2069-1] cacti security update

Hi Chris,

On Sat, Jan 18, 2020 at 02:01:07PM +0000, Chris Lamb wrote:
> Package        : cacti
> Version        : 0.8.8b+dfsg-8+deb8u9
> CVE ID         : CVE-2020-7106
> It was discovered that there were a number of cross-site scripting
> vulnerabilities in cacti, a web interface for monitoring systems.
> For Debian 8 "Jessie", this issue has been fixed in cacti version
> 0.8.8b+dfsg-8+deb8u9.
> We recommend that you upgrade your cacti packages.
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS

a followup patch was just published for CVE-2020-7106[0]. If you want to
release a regression update, I'd recommend to wait a few days. I would not
be surprised to see more fixes coming. :-)


[0] https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: