Format: 1.8
Date: Thu, 21 Jan 2021 20:16:38 +0100
Source: cacti
Architecture: source
Version: 1.2.2+ds1-2+deb10u4
Distribution: buster
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 979998
Changes:
 cacti (1.2.2+ds1-2+deb10u4) buster; urgency=medium
 .
   * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
     - CVE-2020-35701: SQL injection via data_debug.php
   * Add 0001-Fixing-Issue-4019.patch
     There are a few places in the current code where an attacker, once
     having gained access to the Cacti database through a SQL injection,
     could modify data in tables to possibly expose a stored XSS bug in
     Cacti.
Checksums-Sha1:
 f0651b1be15691e353695d67f8cfd818e22ab6be 2261 cacti_1.2.2+ds1-2+deb10u4.dsc
 dc06d18fa7c8dd6b75e77fe3f7ccbb88fb856fce 67920 cacti_1.2.2+ds1-2+deb10u4.debian.tar.xz
Checksums-Sha256:
 085ae645548b8a1cd6187dc725b7b0724e94b72fe5efb5de98726dfbf19a900f 2261 cacti_1.2.2+ds1-2+deb10u4.dsc
 36885c441acd4517f6ba52fb24e36803f89587ba7d26f01cc974691434d18d2a 67920 cacti_1.2.2+ds1-2+deb10u4.debian.tar.xz
Files:
 7e074c0bb8a23e0b2ad01311043933b5 2261 web optional cacti_1.2.2+ds1-2+deb10u4.dsc
 b3304f7f4acf7cb61f062dd9317d0909 67920 web optional cacti_1.2.2+ds1-2+deb10u4.debian.tar.xz