[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-7106/cacti: postponed in stretch & buster

Wed, 22 Jan 2020 23:16:35 -0800 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a3df52a2 by Hugo Lefeuvre at 2020-01-23T08:09:03+01:00
CVE-2020-7106/cacti: postponed in stretch & buster

XSS can only be triggered in administration areas only accessible by
users with administration privileges. Fix this along with more
important issues in a future DSA.

- - - - -
79e2cd5b by Hugo Lefeuvre at 2020-01-23T08:14:43+01:00
dla-needed: update cacti notes (regression update)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1625,6 +1625,8 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for 
WordPress allows XSS vi
 CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, 
color_templates_item.p ...)
        {DLA-2069-1}
        - cacti <unfixed>
+       [buster] - cacti <postponed> (can be fixed along with more important 
issues)
+       [stretch] - cacti <postponed> (can be fixed along with more important 
issues)
        NOTE: https://github.com/Cacti/cacti/issues/3191
        NOTE: 
https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
        NOTE: 
https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464


=====================================
data/dla-needed.txt
=====================================
@@ -11,6 +11,10 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
 cacti (Chris Lamb)
+  NOTE: CVE-2020-7106: one more followup fix is coming (currently PRed by
+  NOTE: @smutranchi), we should probably wait for the fix to stabilize &
+  NOTE: potential regression reports to come up before releasing a regression
+  NOTE: update (2020-01-23, hle)
 --
 clamav (Hugo Lefeuvre)
   NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e334c939d43c225c3c253aa275e037f9fbd03ebc...79e2cd5b82bc0dfaabc4ff1b29ae5a772e5772b1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/e334c939d43c225c3c253aa275e037f9fbd03ebc...79e2cd5b82bc0dfaabc4ff1b29ae5a772e5772b1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to