Format: 1.8
Date: Tue, 22 Jun 2021 18:46:09 +0200
Source: cacti
Architecture: source
Version: 1.2.16+ds1-2~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 979998
Changes:
 cacti (1.2.16+ds1-2~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 cacti (1.2.16+ds1-2) unstable; urgency=medium
 .
   * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
     - CVE-2020-35701: SQL injection via data_debug.php
   * Add 0001-Fixing-Issue-4019.patch
     There are a few places in the current code where an attacker, once
     having gained access to the Cacti database through a SQL injection,
     could modify data in tables to possibly expose a stored XSS bug in
     Cacti.
Checksums-Sha1:
 c84879a15bb425326e02c3421924947aac071314 2277 cacti_1.2.16+ds1-2~bpo10+1.dsc
 852f751f27bb414498eb971a3af114ad6724a8cc 56884 cacti_1.2.16+ds1-2~bpo10+1.debian.tar.xz
Checksums-Sha256:
 51789cf9a3070907d85e23d17d79204f63dedb25196a8a127c1ebca909ff08fd 2277 cacti_1.2.16+ds1-2~bpo10+1.dsc
 c12a1b06384af2dd4612905a9d1f000130619b609686a131a812e62755f9b2f5 56884 cacti_1.2.16+ds1-2~bpo10+1.debian.tar.xz
Files:
 1cf60bf7a1ed403f204df765e1381237 2277 web optional cacti_1.2.16+ds1-2~bpo10+1.dsc
 791f55b36a62d5093986392d3b2e581b 56884 web optional cacti_1.2.16+ds1-2~bpo10+1.debian.tar.xz