Format: 1.8
Date: Sun, 17 Jan 2021 21:26:01 +0100
Source: cacti
Architecture: source
Version: 1.2.16+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 979998
Changes:
 cacti (1.2.16+ds1-2) unstable; urgency=medium
 .
   * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
     - CVE-2020-35701: SQL injection via data_debug.php
   * Add 0001-Fixing-Issue-4019.patch
     There are a few places in the current code where an attacker, once
     having gained access to the Cacti database through a SQL injection,
     could modify data in tables to possibly expose a stored XSS bug in
     Cacti.
Checksums-Sha1:
 876a9f1bcc8ddd6f48069b3263bd7de2f33352dd 2237 cacti_1.2.16+ds1-2.dsc
 f93bbcca5567c1196578939352dc17f0e63e15fd 56760 cacti_1.2.16+ds1-2.debian.tar.xz
Checksums-Sha256:
 f04c0e6982ed1194c865404d92bfa965a4d9370ed2bda977b7d082ac9036171f 2237 cacti_1.2.16+ds1-2.dsc
 4a63d4c0fd6e48571fc4b93659f61210c73959ad6fd1767fec39dc611d738782 56760 cacti_1.2.16+ds1-2.debian.tar.xz
Files:
 17457cbcc9f09003cd89ab571c30b704 2237 web optional cacti_1.2.16+ds1-2.dsc
 829232c329cdadd3606f9efcad2cbd4c 56760 web optional cacti_1.2.16+ds1-2.debian.tar.xz