[Bug 242834] net-mgmt/cacti: Update to 1.2.8
bugzilla-noreply at freebsd.org
Wed Dec 25 06:23:08 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242834
--- Comment #2 from Michael Muenz <m.muenz at gmail.com> ---
Is this handled like a usual port update? I'm not really familiar with this.
Does this look sane:
<vuln vid="86224a04-26de-11ea-97f2-001a8c5c04b6">
<topic>cacti -- Missing sanitization checks while deserializing
data</topic>
<affects>
<package>
<name>cacti</name>
<range><lt>1.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cacti developers report:</p>
<blockquote
cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17358">
<p>When deserializing data, ensure basic sanitization has been
performed</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-17358</cvename>
<url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url>
</references>
<dates>
<discovery>2019-12-07</discovery>
<entry>2019-12-25</entry>
</dates>
</vuln>
<vuln vid="bdb934af-26dd-11ea-97f2-001a8c5c04b6">
<topic>cacti -- Input variables are not properly checked</topic>
<affects>
<package>
<name>cacti</name>
<range><lt>1.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cacti developers report:</p>
<blockquote
cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17357">
<p>When viewing graphs, some input variables are not properly
checked.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-17357</cvename>
<url>https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8</url>
</references>
<dates>
<discovery>2019-12-07</discovery>
<entry>2019-12-25</entry>
</dates>
</vuln>