Bug#964158: buster-pu: package cacti/1.2.2+ds1-2+deb10u3
Control: tags -1 + confirmed
On Thu, 2020-07-02 at 20:54 +0200, Paul Gevers wrote:
> There have been several CVE reports against cacti since the last
> security update. I have created a new package based on the upstream
> patches that fix those issues. Unfortunately, upstream has a tendency
> to regularly add a bit of fluff to those types of patches. In this
> case, upstream has canonized the solution for html escaping. To avoid
> making mistakes, I have left those canonizations in the patch, making
> it slightly bigger than necessary for the pure fix, but I believe at
> lower risk.
>
> The reason why I started this PU is however a different issue
> (https://github.com/Cacti/cacti/issues/3245), where the graphs that
> are produced by cacti can't be manipulated for dates after Sep 13
> 2020.
>
Please go ahead.
Regards,
Adam