oss-sec mailing list archives
CVE Request: Regression introduced in cacti with fix for CVE-2013-1435
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 8 Aug 2013 21:20:59 +0200
Hi Kurt The fix for CVE-2013-1435[1] introduced a regression: [1] http://svn.cacti.net/viewvc?view=rev&revision=7393 It was reported in [2] and upstream proposed a fix [3] which was confirmed to work by two of the involved people. [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262707 [3] http://sourceforge.net/mailarchive/message.php?msg_id=31262712 The corresponding svn commits should be the following: [4] http://svn.cacti.net/viewvc?view=rev&revision=7408 [5] http://svn.cacti.net/viewvc?view=rev&revision=7409 [6] http://svn.cacti.net/viewvc?view=rev&revision=7413 Does this need a follow-up CVE assignment for the regression part introduced? Regards, Salvatore
Current thread:
- CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Salvatore Bonaccorso (Aug 08)
- Re: CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Vincent Danen (Aug 08)