| Summary: | <net-analyzer/cacti-1.2.8: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | netmon, tomasz.chilinski |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B3 [glsa+ cve] | ||
| Package list: |
=net-analyzer/cacti-1.2.8
=net-analyzer/cacti-spine-1.2.8
|
Runtime testing required: | --- |
|
Description
Jeroen Roovers (RETIRED)
2019-12-08 23:35:59 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3db69bfbad40a7f2358e4727e665a119c675b54c commit 3db69bfbad40a7f2358e4727e665a119c675b54c Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2019-12-08 23:36:53 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2019-12-08 23:37:44 +0000 net-analyzer/cacti: Version 1.2.8 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Bug: https://bugs.gentoo.org/702312 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/cacti/Manifest | 1 + net-analyzer/cacti/cacti-1.2.8.ebuild | 48 +++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild NS ~] net-analyzer/cacti-1.2.8:1.2.8::gentoo [1.2.7:1.2.7::gentoo] USE="snmp vhosts -doc" 24,298 KiB [ebuild U ~] net-analyzer/cacti-spine-1.2.8::gentoo [1.2.7::gentoo] USE="-libressl" 105 KiB Total: 2 packages (1 upgrade, 1 in new slot), Size of downloads: 24,403 KiB >>> Verifying ebuild manifests >>> Emerging (1 of 2) net-analyzer/cacti-1.2.8::gentoo * Fetching files in the background. * To view fetch progress, run in another terminal: * tail -f /var/log/emerge-fetch.log >>> Downloading 'http://distfiles.gentoo.org/distfiles/3f/cacti-1.2.8.tar.gz' --2019-12-10 08:50:09-- http://distfiles.gentoo.org/distfiles/3f/cacti-1.2.8.tar.gz Resolving distfiles.gentoo.org... 140.211.166.134, 64.50.233.100, 64.50.236.52, ... Connecting to distfiles.gentoo.org|140.211.166.134|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2019-12-10 08:50:10 ERROR 404: Not Found. >>> Downloading 'https://www.cacti.net/downloads/cacti-1.2.8.tar.gz' --2019-12-10 08:50:10-- https://www.cacti.net/downloads/cacti-1.2.8.tar.gz Resolving www.cacti.net... 104.28.9.127, 104.28.8.127, 2606:4700:30::681c:97f, ... Connecting to www.cacti.net|104.28.9.127|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 24881361 (24M) [application/octet-stream] Saving to: ‘/usr/portage/distfiles/cacti-1.2.8.tar.gz.__download__’ /usr/portage/distfi 100%[===================>] 23.73M 3.15MB/s in 8.6s 2019-12-10 08:50:19 (2.77 MB/s) - ‘/usr/portage/distfiles/cacti-1.2.8.tar.gz.__download__’ saved [24881361/24881361] !!! Fetched file: cacti-1.2.8.tar.gz VERIFY FAILED! !!! Reason: Filesize does not match recorded size !!! Got: 24881361 !!! Expected: 24881030 Refetching... File renamed to '/usr/portage/distfiles/cacti-1.2.8.tar.gz._checksum_failure_.v853zg01' !!! Couldn't download 'cacti-1.2.8.tar.gz'. Aborting. * Fetch failed for 'net-analyzer/cacti-1.2.8', Log file: * '/var/tmp/portage/net-analyzer/cacti-1.2.8/temp/build.log' >>> Failed to emerge net-analyzer/cacti-1.2.8, Log file: >>> '/var/tmp/portage/net-analyzer/cacti-1.2.8/temp/build.log' * Messages for package net-analyzer/cacti-1.2.8: * Fetch failed for 'net-analyzer/cacti-1.2.8', Log file: * '/var/tmp/portage/net-analyzer/cacti-1.2.8/temp/build.log' The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7568c36bf5de877b7c84b00e6abe3cd1a61cd7b commit e7568c36bf5de877b7c84b00e6abe3cd1a61cd7b Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2019-12-10 08:59:17 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2019-12-10 09:00:30 +0000 net-analyzer/cacti: Fix Manifest for re-uploaded tarball Package-Manager: Portage-2.3.81, Repoman-2.3.20 Bug: https://bugs.gentoo.org/show_bug.cgi?id=702312 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/cacti/Manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efef86609255871ca9573c7c48e0410633ad4910 commit efef86609255871ca9573c7c48e0410633ad4910 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2019-12-10 09:02:46 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2019-12-10 09:03:07 +0000 net-analyzer/cacti-spine: Fix Manifest for re-uploaded tarball Package-Manager: Portage-2.3.81, Repoman-2.3.20 Bug: https://bugs.gentoo.org/show_bug.cgi?id=702312 Signed-off-by: Jeroen Roovers <jer@gentoo.org> net-analyzer/cacti-spine/Manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) sparc stable amd64 stable x86 stable Stable for HPPA. Added to an existing GLSA. This issue was resolved and addressed in GLSA 202003-40 at https://security.gentoo.org/glsa/202003-40 by GLSA coordinator Thomas Deutschmann (whissi). |