Hi security team,

As discussed below and in bug 624516, I prepared a patch for CVE-2010-1644: cacti: XSS issues in host.php and data_sources.php in lenny. The maintainer of cacti suggested contacting you for further actions. I read [1] and prepared a .diff.gz and .dsc for you that you can find attached (with a slight change in the changelog with respect to the patch in bug report 624516).

Paul
Debian Maintainer

[1] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security

On 07/02/11 10:23, Mahyuddin Susanto wrote:
> tag 624516 patch
> stop
>
> Hi Paul,
>
> On 07/02/2011 02:09 AM, Paul Gevers wrote:
>> Please find attached three patches against the pkg-cacti git branch
>> debian-lenny to fix this bug.
>>
>> Feel free to use them.
>>
>> Paul
>
> Thanks, it would be nice if we consult with debian-security team. You
> can find them at http://lists.debian.org/debian-security-tracker/. and
> uploading to you.
>
> Thanks for patch
cacti_0.8.7b-2.1+lenny4.diff.gz
Description: application/gzip
Format: 1.0
Source: cacti
Binary: cacti
Architecture: all
Version: 0.8.7b-2.1+lenny4
Maintainer: Sean Finney <sean...@debian.org>
Standards-Version: 3.7.3
Vcs-Browser: http://git.debian.org/?p=users/seanius/cacti.git
Vcs-Git: git://git.debian.org/git/users/seanius/cacti.git
Build-Depends: debhelper (>= 4.2.8), po-debconf, quilt
Checksums-Sha1:
 028ad46112c887dab91b47e4cb57097d985a2a50 1972444 cacti_0.8.7b.orig.tar.gz
 5fc9b3fbfa0aea31d2fee7765e0358da59b21542 39196 cacti_0.8.7b-2.1+lenny4.diff.gz
Checksums-Sha256:
 30752127a9479a36d9d68fe16aa37b0c7fe182adb4efe8eea8b518b5607ac2de 1972444 cacti_0.8.7b.orig.tar.gz
 ba88b24cc917b92237565b1c835c547bff22ef413e8c1ecfc7c082da130c032b 39196 cacti_0.8.7b-2.1+lenny4.diff.gz
Files:
 aa8a740a6ab88e3634b546c3e1bc502f 1972444 cacti_0.8.7b.orig.tar.gz
 00aee77611bdfb7acbefb9c8a5d46927 39196 cacti_0.8.7b-2.1+lenny4.diff.gz
signature.asc
Description: OpenPGP digital signature