oss-sec mailing list archives

CVE Request: Regression introduced in cacti with fix for CVE-2013-1435


From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 8 Aug 2013 21:20:59 +0200

Hi Kurt

The fix for CVE-2013-1435[1] introduced a regression:

 [1] http://svn.cacti.net/viewvc?view=rev&revision=7393

It was reported in [2] and upstream proposed a fix [3] which was
confirmed to work by two of the involved people.

 [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
 [3] http://sourceforge.net/mailarchive/message.php?msg_id=31262712

The corresponding svn commits should be the following:

 [4] http://svn.cacti.net/viewvc?view=rev&revision=7408
 [5] http://svn.cacti.net/viewvc?view=rev&revision=7409
 [6] http://svn.cacti.net/viewvc?view=rev&revision=7413

Does this need a follow-up CVE assignment for the regression part
introduced?

Regards,
Salvatore

