From nobody Wed Feb 05 07:20:03 2025
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yns7x1PVgz5mJ9H
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Wed, 05 Feb 2025 07:20:13 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Yns7w1MMyz4LfL
	for <freebsd-ports@freebsd.org>; Wed, 05 Feb 2025 07:20:11 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 78.134.96.152 as permitted sender) smtp.mailfrom=ml@netfence.it;
	dmarc=pass (policy=none) header.from=netfence.it
Received: from [10.1.2.18] (alamar.local.netfence.it [10.1.2.18])
	(authenticated bits=0)
	by soth.netfence.it (8.18.1/8.17.2) with ESMTPSA id 5157K3XA058392
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Wed, 5 Feb 2025 08:20:03 +0100 (CET)
	(envelope-from ml@netfence.it)
X-Authentication-Warning: soth.netfence.it: Host alamar.local.netfence.it [10.1.2.18] claimed to be [10.1.2.18]
Message-ID: <aa468f60-143a-489b-9d03-f1c89be93493@netfence.it>
Date: Wed, 5 Feb 2025 08:20:03 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
X-BeenThere: freebsd-ports@freebsd.org
Sender: owner-freebsd-ports@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: m.muenz@gmail.com
Cc: freebsd-ports@freebsd.org
From: Andrea Venturoli <ml@netfence.it>
Subject: Cacti vulnerabilities
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-1.13 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_SPAM_SHORT(0.96)[0.956];
	DMARC_POLICY_ALLOW(-0.50)[netfence.it,none];
	NEURAL_HAM_MEDIUM(-0.28)[-0.285];
	R_SPF_ALLOW(-0.20)[+ip4:78.134.96.152];
	MIME_GOOD(-0.10)[text/plain];
	TAGGED_RCPT(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT];
	ARC_NA(0.00)[];
	FREEMAIL_TO(0.00)[gmail.com];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	RCVD_COUNT_ONE(0.00)[1];
	FROM_EQ_ENVFROM(0.00)[];
	HAS_XAW(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	MIME_TRACE(0.00)[0:+]
X-Spamd-Bar: -
X-Rspamd-Queue-Id: 4Yns7w1MMyz4LfL

Hello.

First off, thanks for all your work as Cacti maintainer.

We have version 1.2.28 in port tree, but this was recently deemed as 
vulnerabile and 1.2.29 has been out since a few days.

Are you planning the upgrade?
Can you give a timeframe?

Just asking, because otherwise we'll need to think about some other kind 
of remediations. :(

  bye & Thanks
	av.