Your message dated Fri, 04 Jul 2014 07:53:04 +0000
with message-id <e1x2yiq-0001u0...@franck.debian.org>
and subject line Bug#752573: fixed in cacti 0.8.8a+dfsg-5+deb7u3
has caused the Debian Bug report #752573,
regarding cacti: CVE-2014-4002 Cross-Site Scripting Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
752573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752573
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cacti
Version: 0.8.8b+dfsg-5
Severity: grave
Tags: security patch upstream pending
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cacti upstream's svn [1] has a fix for CVE-2014-4002. I couldn't find
any information elsewhere yet. I can only guess that the change
before this revision is also involved [2].
I will add this to my current update for cacti (in progress).
[1] http://svn.cacti.net/viewvc?view=rev&revision=7452
[2] http://svn.cacti.net/viewvc?view=rev&revision=7451
- -- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (500, 'stable'), (99, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cacti depends on:
ii dbconfig-common 1.8.47+nmu1
ii debconf [debconf-2.0] 1.5.49
ii libapache2-mod-php5 5.4.4-14+deb7u11
ii libphp-adodb 5.15-1
ii mysql-client-5.5 [virtual-mysql-client] 5.5.37-0+wheezy1
ii perl 5.14.2-21+deb7u1
ii php5-cli 5.4.4-14+deb7u11
ii php5-mysql 5.4.4-14+deb7u11
ii php5-snmp 5.4.4-14+deb7u11
ii rrdtool 1.4.7-2
ii snmp 5.4.3~dfsg-2.8
ii ucf 3.0025+nmu3
Versions of packages cacti recommends:
ii apache2-mpm-prefork [httpd] 2.2.22-13+deb7u1
ii iputils-ping 3:20101006-1+b1
ii libjs-jquery 1.7.2+dfsg-1
ii libjs-jquery-cookie 9-1
ii lighttpd [httpd] 1.4.31-4+deb7u3
ii logrotate 3.8.1-4
ii mysql-server 5.5.37-0+wheezy1
Versions of packages cacti suggests:
ii moreutils 0.47
pn php5-ldap <none>
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.8a+dfsg-5+deb7u3
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 752...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <elb...@debian.org> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Jun 2014 21:01:50 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.8a+dfsg-5+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-ma...@lists.alioth.debian.org>
Changed-By: Paul Gevers <elb...@debian.org>
Description:
 cacti - web interface for graphing of monitoring systems
Closes: 742768 743565 752573
Changes:
 cacti (0.8.8a+dfsg-5+deb7u3) wheezy-security; urgency=high
 .
   * Security upload (Closes: #742768, #743565, #752573)
     - CVE-2014-2326 Cross-site scripting (XSS) vulnerability
     - CVE-2014-2327 Cross Site Request Forgery Vulnerability
     - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
     - CVE-2014-2708 SQL injection
     - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
     - CVE-2014-4002 Cross-Site Scripting Vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---