Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 716406 - <net-analyzer/cacti-1.2.11 - multiple vulnerabilities
Summary: <net-analyzer/cacti-1.2.11 - multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-06 06:05 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-04-30 23:19 UTC (History)
1 user (show)

See Also:
Package list:
=net-analyzer/cacti-spine-1.2.11 =net-analyzer/cacti-1.2.11
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2020-04-06 06:05:38 UTC 
Cacti CHANGELOG

1.2.11
-security: Add SameSite support for cookies https://github.com/Cacti/cacti/issues/1566
-security: Cookie should be properly verified against password https://github.com/Cacti/cacti/issues/1985
-security: CSRF at Admin Email  https://github.com/Cacti/cacti/issues/3342
-security: Improper Access Control on disabling a user.  https://github.com/Cacti/cacti/issues/3343
-security: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1  https://github.com/Cacti/cacti/issues/3414
Comment 1 Agostino Sarubbo gentoo-dev 2020-04-07 10:33:35 UTC 
amd64 stable
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-04-08 05:47:41 UTC 
Added to an existing GLSA Request.

Please continue stabilization x86/hppa/sparc
Comment 3 Agostino Sarubbo gentoo-dev 2020-04-08 09:53:35 UTC 
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-04-08 09:54:26 UTC 
x86 stable
Comment 5 Rolf Eike Beer archtester 2020-04-08 21:18:43 UTC 
hppa stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-08 21:19:55 UTC 
@maintainer(s), please cleanup.
Comment 7 NATTkA bot gentoo-dev 2020-04-08 21:20:22 UTC 
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-04-30 23:19:40 UTC 
This issue was resolved and addressed in
 GLSA 202004-16 at https://security.gentoo.org/glsa/202004-16
by GLSA coordinator Thomas Deutschmann (whissi).