Bug#942524: buster-pu: package graphite-web/1.1.4-3 CVE-2017-18638
Control: tags -1 + confirmed
On Thu, 2019-10-17 at 18:00 +0200, Thomas Goirand wrote:
> We would like to update graphite-web to fix 2 issues: the first one
> is
> a message sent every hour if there's no whisper db, and is debian
> specific. The 2nd one is a fix for CVE-2017-18638, where there is
> an SSRF possible attack against graphite-web (the patch just removes
> the send_email route and associated code.
>
Please go ahead.
Regards,
Adam
Reply to: