Hi Hugo et al.,

> > Package : cacti
> > Version : 0.8.8b+dfsg-8+deb8u9
> > CVE ID : CVE-2020-7106
[…]
> a followup patch was just published for CVE-2020-7106[0]. If you want to
> release a regression update, I'd recommend to wait a few days. I would not
> be surprised to see more fixes coming. :-)

Just following up to all of this after giving it time to settle. The "followup patch" you refer to, ie:

https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464

… refers to code that is not present in cacti 0.8.8b and (unless I am missing any other commits) I therefore conclude this CVE to be resolved in jessie LTS. I have accordingly removed it from the dla-needed.txt file.

Thanks for your diligence on this. :)

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
       `-