On 29/07/16 20:05, Emilio Pozuelo Monfort wrote:
> On 28/07/16 14:59, Matus UHLAR - fantomas wrote:
>>> On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
>>>> I believe the fix for CVE-2016-2313 in
>>>> CVE-2016-2313-authentication-bypass.patch is invalid.
>>
>> On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
>>> Thanks for the report. I'll look at it later today.
>>
>> I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
>> and attached patch
>> http://bugs.cacti.net/file_download.php?file_id=1229&type=bug
>>
>> that should fix the issue. The patch is to be applied to "fixed" version
>> in Debian
>
> The patch looks sensible to me, but I'd like to give upstream a few days to
> comment.
>
> BTW you may want to send a pull request at https://github.com/Cacti/cacti

I have just uploaded a fix for this.

Cheers,
Emilio