Author: white Date: 2009-12-16 11:43:32 +0000 (Wed, 16 Dec 2009) New Revision: 13570 Modified: data/CVE/list data/NMU/list Log: XSS issue fixed in NMU; other issue won''t be fixed for etch/lenny, whitelist policy will be implemented for squeeze, blocker bug filed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-16 11:31:42 UTC (rev 13569) +++ data/CVE/list 2009-12-16 11:43:32 UTC (rev 13570) @@ -746,14 +746,14 @@ CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) NOT-FOR-US: PHD Help Desk CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...) - - cacti <unfixed> (low) - TODO: check + - cacti <unfixed> (low; bug #561339) + [etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA) + [lenny] - cacti <no-dsa> (Minor issue, workaround explained in DSA) NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq NOTE: low or maybe even unimportant as one requires admin access - NOTE: to cacti + NOTE: to cacti, upstream will implement a whitelist CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...) - - cacti <unfixed> - TODO: check + - cacti 0.8.7e-1.1 (low; bug #561338) NOTE: http://docs.cacti.net/#cross-site_scripting_fixes NOTE: http://www.cacti.net/download_patches.php CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...) Modified: data/NMU/list ==================================================================--- data/NMU/list 2009-12-16 11:31:42 UTC (rev 13569) +++ data/NMU/list 2009-12-16 11:43:32 UTC (rev 13570) @@ -179,3 +179,4 @@ 2009-11-21 gimp 2.6.7-1.1 2009-11-29 audiofile 0.2.6-7.1 2009-12-06 libstruts1.2-java 1.2.9-3.1 +2009-12-16 cacti 0.8.7e-1.1
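Review bot: In the data/CVE/list hunk, the two new CVE-2009-4112 lines `[etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA)` and its `[lenny]` twin refer to a DSA without naming it, which reads oddly beside a `<no-dsa>` tag. Suggest stating which advisory carries the workaround (if it is the one accompanying the CVE-2009-4032 fix, say so), so the entry can be followed without the commit log. The reworded note `NOTE: to cacti, upstream will implement a whitelist` also has no reference: the log says the whitelist policy is planned for squeeze and that a blocker bug was filed, but the entry does not say whether bug #561339 is that blocker. One further question on the CVE-2009-4032 entry: it now records `- cacti 0.8.7e-1.1 (low; bug #561338)` for unstable but, unlike CVE-2009-4112, gets no `[etch]` or `[lenny]` lines, so it is worth confirming that leaving the stable releases open there is intended.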