Date:      Wed, 25 Dec 2019 06:23:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 242834] net-mgmt/cacti: Update to 1.2.8
Message-ID:  <bug-242834-7788-ABR02wMEiD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-242834-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-242834-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242834

--- Comment #2 from Michael Muenz <m.muenz@gmail.com> ---
Is this handled like a usual port update? I'm not really familiar with this.
Does this look sane:

  <vuln vid="86224a04-26de-11ea-97f2-001a8c5c04b6">
    <topic>cacti -- Missing sanitization checks while deserializing data</topic>
    <affects>
      <package>
        <name>cacti</name>
        <range><lt>1.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The cacti developers report:</p>
        <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358">
          <p>When deserializing data, ensure basic sanitization has been performed</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-17358</cvename>
      <url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url>
    </references>
    <dates>
      <discovery>2019-12-07</discovery>
      <entry>2019-12-25</entry>
    </dates>
  </vuln>

  <vuln vid="bdb934af-26dd-11ea-97f2-001a8c5c04b6">
    <topic>cacti -- Input variables are not properly checked</topic>
    <affects>
      <package>
        <name>cacti</name>
        <range><lt>1.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The cacti developers report:</p>
        <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357">
          <p>When viewing graphs, some input variables are not properly checked.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-17357</cvename>
      <url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url>
    </references>
    <dates>
      <discovery>2019-12-07</discovery>
      <entry>2019-12-25</entry>
    </dates>
  </vuln>

-- 
You are receiving this mail because:
You are the assignee for the bug.


