Bugzilla – Bug 834464
VUL-0: CVE-2013-1434 CVE-2013-1435: cacti: SQL injection and shell escaping issues fixed in 0.8.8b
Last modified: 2014-04-13 19:51:09 UTC
public via older updates and via redhat
https://bugzilla.redhat.com/show_bug.cgi?id=994616

CVE-2013-1434 CVE-2013-1435

Cacti 0.8.8b was released [1] which includes a security fix for "SQL injection and shell escaping issues".

[1] http://sourceforge.net/mailarchive/message.php?msg_id=31258868

cacti lives in openSUSE 12.2-factory, cc all maintainers as there is no specific bugowner

Please note that a regression was spotted too:

Hi Kurt

The fix for CVE-2013-1435[1] introduced a regression:

[1] http://svn.cacti.net/viewvc?view=rev&revision=7393

It was reported in [2] and upstream proposed a fix [3] which was confirmed to work by two of the involved people.

[2] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
[3] http://sourceforge.net/mailarchive/message.php?msg_id=31262712

The corresponding svn commits should be the following:

[4] http://svn.cacti.net/viewvc?view=rev&revision=7408
[5] http://svn.cacti.net/viewvc?view=rev&revision=7409
[6] http://svn.cacti.net/viewvc?view=rev&revision=7413
bugbot adjusting priority
Created a fixed package version mr#186874
For openSUSE 12.3 mr#186911
This is an autogenerated message for OBS integration:
This bug (834464) was mentioned in
https://build.opensuse.org/request/show/186874 Maintenance /
https://build.opensuse.org/request/show/186911 Maintenance /
openSUSE-SU-2013:1377-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 834464
CVE References: CVE-2013-1434,CVE-2013-1435
Sources used:
openSUSE 12.3 (src): cacti-0.8.8b-5.4.1
openSUSE 12.2 (src): cacti-0.8.8b-2.4.1
Fixed, packages found their way into the update repositories.