From owner-freebsd-ports@FreeBSD.ORG  Wed Aug 28 08:22:05 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id E0E5DC49;
 Wed, 28 Aug 2013 08:22:05 +0000 (UTC)
 (envelope-from rodrigo@bebik.net)
Received: from smtp5-g21.free.fr (smtp5-g21.free.fr [IPv6:2a01:e0c:1:1599::14])
 by mx1.freebsd.org (Postfix) with ESMTP id D5BF724D4;
 Wed, 28 Aug 2013 08:22:03 +0000 (UTC)
Received: from oldfaithful.bebik.local (unknown [82.227.164.69])
 by smtp5-g21.free.fr (Postfix) with ESMTP id 00B95D4808A;
 Wed, 28 Aug 2013 10:21:55 +0200 (CEST)
Received: by oldfaithful.bebik.local (Postfix, from userid 1001)
 id 8AF0280080C; Wed, 28 Aug 2013 10:10:52 +0200 (CEST)
Date: Wed, 28 Aug 2013 10:10:52 +0200
From: Rodrigo OSORIO <rodrigo@bebik.net>
To: Andrea Venturoli <ml@netfence.it>
Subject: Re: Cacti vulnerable?
Message-ID: <20130828081052.GA54712@oldfaithful.bebik.local>
References: <521DAB7C.4000100@netfence.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <521DAB7C.4000100@netfence.it>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-ports@freebsd.org, sem@FreeBSD.org
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2013 08:22:05 -0000

Hi,

Not really, according to cve, releases before 0.8.8b are affected,
and we have 0.8.8a.

- rodrigo

On 28/08/13 09:49 +0200, Andrea Venturoli wrote:
> Hello.
> 
> In ports we have Cacti 0.8.8a.
> According to 0.8.8b release notes 
> (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL 
> injection vulnerabilities" were fixed in that release.
> Portaudit doesn't bring up any warning.
> 
> Is the version in our port tree safe?
> 
>  bye & Thanks
> 	av.
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"