Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 317615 (CVE-2010-1431) - net-analyzer/cacti SQL Injection Issue in Template Export (CVE-2010-1431)
Summary: net-analyzer/cacti SQL Injection Issue in Template Export (CVE-2010-1431)
Status: RESOLVED FIXED
Alias: CVE-2010-1431
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-28 12:27 UTC by Marcin Mirosław
Modified: 2010-09-29 21:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcin Mirosław 2010-04-28 12:27:29 UTC 
There is available patch from upstream.

Reproducible: Always
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2010-05-18 13:09:36 UTC 
cacti-0.8.7e-r2 is in the tree. Arch teams, please, stabilize.
Comment 2 Andreas Schürch gentoo-dev 2010-05-18 16:40:50 UTC 
Tests passed here on x86, seems fine.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2010-05-20 10:50:36 UTC 
amd64 stable.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2010-05-20 13:57:15 UTC 
Stable for HPPA.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-05-23 13:38:00 UTC 
x86 stable, thanks Andreas
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-05-23 18:01:38 UTC 
alpha/sparc stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-05-26 19:18:07 UTC 
ppc64 done
Comment 8 Joe Jezak (RETIRED) gentoo-dev 2010-06-01 15:22:56 UTC 
Marked ppc stable.
Comment 9 Marcin Mirosław 2010-08-12 12:32:56 UTC 
It looks tehere is nothing to do more with this bug, can it be closed?
Comment 10 Peter Volkov (RETIRED) gentoo-dev 2010-08-12 13:35:56 UTC 
Marcin, security team will handle this issue:
http://www.gentoo.org/security/en/vulnerability-policy.xml
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-01 19:48:46 UTC 
Vote: No! You need to be an authenticated User to exploit this.
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2010-09-29 21:28:06 UTC 
No too, closing without glsa, kthxbye.