diff options
author | Sylvain Beucler <beuc@beuc.net> | 2023-12-21 18:24:50 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2023-12-21 18:25:50 +0100 |
commit | 23bdb16252d5814ae690dc4792a7b57f937fe2bd (patch) | |
tree | bbfc072f3fa8041c39d4631d6df92405cab1fe46 | |
parent | 702da29d82f17ff864d63375c457beae4555e6ea (diff) |
CVE-2019-16723/cacti: add patches versions
-rw-r--r-- | data/CVE/list | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list index e411b9f86e..93ea99831c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -304444,17 +304444,17 @@ CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authoriza [stretch] - cacti <not-affected> (vulnerability introduced later) [jessie] - cacti <not-affected> (vulnerability introduced later) NOTE: vulnerability introduced in - NOTE: https://github.com/Cacti/cacti/commit/cf73ae1a9f65b5a27d7f9d10c8e14835c3a76326 + NOTE: https://github.com/Cacti/cacti/commit/cf73ae1a9f65b5a27d7f9d10c8e14835c3a76326 (release/1.0.0) NOTE: see Debian bug report for more information NOTE: https://github.com/Cacti/cacti/issues/2964 - NOTE: https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264 - NOTE: https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2 + NOTE: https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264 (release/1.2.7) + NOTE: https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2 (release/1.2.7) NOTE: after further discussion, upstream issued a new fix which reverts previous commits - NOTE: https://github.com/Cacti/cacti/commit/cfb0733597af97abc92270de4f47cbfa32f9ce8b + NOTE: https://github.com/Cacti/cacti/commit/cfb0733597af97abc92270de4f47cbfa32f9ce8b (release/1.2.8) NOTE: which turned out to be insufficient to fix the issue, follow up patches: - NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7 - NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7 - NOTE: https://github.com/Cacti/cacti/commit/4cecb19f6be8b84fa1c7b6450b66176007cb53df + NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7 (release/1.2.8) + NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7 (release/1.2.8) + NOTE: https://github.com/Cacti/cacti/commit/4cecb19f6be8b84fa1c7b6450b66176007cb53df (release/1.2.8) NOTE: The original issue mentions only a bypass via graph_json.php but there are NOTE: additional permission checks missed while checking the issue fixed with the NOTE: upstream commits. |