tags 652371 patch
thanks

On Sat, Dec 17, 2011 at 3:07 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> Package: cacti
> Version: 0.8.7g-1
> Tags: security upstream fixed-upstream
> Severity: grave
>
> Several vulnerabilities have been disclosed in cacti:
>
> | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
> | allows remote attackers to execute arbitrary SQL commands via the
> | login_username parameter.
>
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824>
>
> The upstream announcement also mentions "Cross-site scripting issues":
> <http://www.cacti.net/release_notes_0_8_7h.php>
>
> Would you please fixed packages for lenny and squeeze and send a
> source debdiff to the security team?
>

Attached debdiff to fix CVE-2011-4824 in squeeze; for lenny I am still waiting for my friend Paul from pkg-cacti
Attachment:
cacti_0.8.7g-1squeeze1.dsc.debdiff
Description: Binary data