Date: Wed, 25 Dec 2019 06:23:07 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 242834] net-mgmt/cacti: Update to 1.2.8 Message-ID: <bug-242834-7788-ABR02wMEiD@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-242834-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-242834-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242834 --- Comment #2 from Michael Muenz <m.muenz@gmail.com> --- Is this handled like a usual port update? I'm not really familiar with this. Does this look sane: <vuln vid=3D"86224a04-26de-11ea-97f2-001a8c5c04b6"> <topic>cacti -- Missing sanitization checks while deserializating data</topic> <affects> <package> <name>cacti</name> <range><lt>1.2.8</lt></range> </package> </affects> <description> <body xmlns=3D"http://www.w3.org/1999/xhtml"> <p>The cacti developers reports:</p> <blockquote cite=3D"https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-17358"> <p>When deserializating data, ensure basic sanitization has been performed</p> </blockquote> </body> </description> <references> <cvename>CVE-2019-17358</cvename> <url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url> </references> <dates> <discovery>2019-12-07</discovery> <entry>2019-12-25</entry> </dates> </vuln> <vuln vid=3D"bdb934af-26dd-11ea-97f2-001a8c5c04b6"> <topic>cacti -- Input variables are not properly checked</topic> <affects> <package> <name>cacti</name> <range><lt>1.2.8</lt></range> </package> </affects> <description> <body xmlns=3D"http://www.w3.org/1999/xhtml"> <p>The cacti developers reports:</p> <blockquote cite=3D"https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-17357"> <p>When viewing graphs, some input variables are not properly checked.</p> </blockquote> </body> </description> <references> <cvename>CVE-2019-17357</cvename> <url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url> </references> <dates> <discovery>2019-12-07</discovery> <entry>2019-12-25</entry> </dates> </vuln> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-242834-7788-ABR02wMEiD>