[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#942524: buster-pu: package graphite-web/1.1.4-3 CVE-2017-18638



Control: tags -1 + confirmed

On Thu, 2019-10-17 at 18:00 +0200, Thomas Goirand wrote:
> We would like to update graphite-web to fix 2 issues: the first one
> is
> a message sent every hour if there's no whisper db, and is debian
> specific. The 2nd one is a fix for CVE-2017-18638, where there is
> an SSRF possible attack against graphite-web (the patch just removes
> the send_email route and associated code.
> 

Please go ahead.

Regards,

Adam


Reply to: