> How did you generate these? Did you test the patched packages?
By looking at upstream svn changes I can modify Debian sources easily. Yes, I tested it.
> When submitting, can you remove this from the debdiff?
Yup
> One last thing, cacti on lucid has several other open CVEs: CVE-2010-1644, CVE-2010-1645, CVE-2010-2543, CVE-2010-2544 and CVE-2010-2545. Do you plan on providing patches for these as well? If so, please update the debdiff to include these as well. Thanks again!
The CVEs mentioned above have been resolved in 0.8.7e-2ubuntu0.1 by Brian Thomason. Here is the changelog for 0.8.7e-2ubuntu0.1:
cacti (0.8.7e-2ubuntu0.1) lucid-security; urgency=low
  * SECURITY UPDATE: Fix SQL injection vulnerability in templates_export.php
    (LP: #599892)
    - debian/patches/CVE-2010-1431.patch: patch derived from upstream patch
    - CVE-2010-1431
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-1644.patch: patch derived from upstream patch
    - CVE-2010-1644
  * SECURITY UPDATE: Fix arbitrary command execution vuln
    - debian/patches/CVE-2010-1645.patch: patch derived from upstream patches
    - CVE-2010-1645
  * SECURITY UPDATE: Fix a SQL injection vulnerability in graph.php
    - debian/patches/CVE-2010-2092.patch: patch derived from Debian patch
    - CVE-2010-2092
    - DSA-2060
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-2543.patch: patch derived from upstream patches
    - CVE-2010-2543
    - CVE-2010-2544
    - CVE-2010-2545

 -- Brian Thomason <email address hidden>  Mon, 24 Jan 2011 11:20:13 -0500