[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 2069-1] cacti security update



Hi Hugo et al.,

> > Package        : cacti
> > Version        : 0.8.8b+dfsg-8+deb8u9
> > CVE ID         : CVE-2020-7106
[…]
> a followup patch was just published for CVE-2020-7106[0]. If you want to
> release a regression update, I'd recommend to wait a few days. I would not
> be surprised to see more fixes coming. :-)

Just following up to all of this after giving it time to settle. The
the "followup patch" you refer to, ie:

  https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464

… refers to code that is not is not present in cacti 0.8.8b and
(unless I missing any other commits I therefore conclude that this CVE
to be resolved in jessie LTS. I have accordingly removed it from the
dla-needed.txt file.

Thanks for your diligence on this. :)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-


Reply to: