
Re: Bug#652371: [CVE-2011-4824] SQL injection issue in auth_login.php



tags 652371 patch
thanks

On Sat, Dec 17, 2011 at 3:07 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> Package: cacti
> Version: 0.8.7g-1
> Tags: security upstream fixed-upstream
> Severity: grave
>
> Several vulnerabilities have been disclosed in cacti:
>
> | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
> | allows remote attackers to execute arbitrary SQL commands via the
> | login_username parameter.
>
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824>
>
> The upstream announcement also mentions "Cross-site scripting issues":
> <http://www.cacti.net/release_notes_0_8_7h.php>
>
> Would you please fixed packages for lenny and squeeze and send a
> source debdiff to the security team?
>
>
>

Attached is a debdiff to fix CVE-2011-4824 in squeeze; for lenny I am still
waiting for my friend Paul from pkg-cacti.

Attachment: cacti_0.8.7g-1squeeze1.dsc.debdiff
Description: Binary data

