
Bug#964158: buster-pu: package cacti/1.2.2+ds1-2+deb10u3



Control: tags -1 + confirmed

On Thu, 2020-07-02 at 20:54 +0200, Paul Gevers wrote:
> There have been several CVE reports against cacti since the last
> security update. I have created a new package based on the upstream
> patches that fix those issues. Unfortunately, upstream has a tendency
> to regularly add a bit of fluff to those types of patches. In this
> case, upstream has canonized the solution for html escaping. To avoid
> making mistakes, I have left those canonizations in the patch, making
> it slightly bigger than necessary for the pure fix, but I believe at
> lower risk.
> 
> The reason why I started this PU is however a different issue
> (https://github.com/Cacti/cacti/issues/3245), where the graphs that
> are produced by cacti can't be manipulated for dates after Sep 13
> 2020.
> 

Please go ahead.

Regards,

Adam

