[Bug 201702] net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634)
bugzilla-noreply at freebsd.org
Wed Jul 22 00:19:22 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201702
Jason Unovitch <jason.unovitch at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #159053|0                           |1
        is obsolete|                            |
 Attachment #159053|maintainer-approval?(freebs |
              Flags|d-ports at dan.me.uk)       |
 Attachment #159054|                            |maintainer-approval?(freebs
              Flags|                            |d-ports at dan.me.uk)
--- Comment #14 from Jason Unovitch <jason.unovitch at gmail.com> ---
Created attachment 159054
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=159054&action=edit
cacti-0.8.8f_1.patch

Disregard initial patch. The comment in the forum thread about fetching the
file and not finding the bad code made me look a little closer. The SHA256
doesn't match ports anymore but the fact that I had the distfile and the fact
that one of the fallback mirrors had the bad distfile hid this.

According to http://www.cacti.net/downloads/
  cacti-0.8.8f.tar.gz 20-Jul-2015 09:43 2.5M

It looks like this was caught and fixed after the 19 July release and they
re-rolled the distfile. I see
2ea92407c11bf13302558a5bc9e1f3a57bd14a1d9ded48c505ec495762f76738 as the hash.

Patch attached fixes the issue by updating to the new 0.8.8f distfile and
bumping PORTREVISION.

--
You are receiving this mail because:
You are the assignee for the bug.
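
Added example, not part of the original message or of the port: a check that hashes every available copy of a distfile (cache, mirror, upstream) against the `SHA256`/`SIZE` lines of a ports `distinfo`, so a re-rolled tarball is noticed even when the cached copy still verifies. The function names, source labels and tarball bytes are constructed for illustration.

```python
import hashlib
import re

# distinfo lines look like "SHA256 (name) = hex" and "SIZE (name) = bytes"
_DISTINFO_RE = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _DISTINFO_RE.match(line.strip())
        if not m:
            continue  # skip lines such as TIMESTAMP or blanks
        key, value = m.group(1), m.group("value")
        entry = entries.setdefault(m.group("name"), {})
        entry[key] = int(value) if key == "SIZE" else value.lower()
    return entries

def audit_sources(distinfo_text, name, copies):
    """copies maps a source label to the bytes fetched from it.

    Returns (per-source status, rerolled). rerolled is True when the same
    filename has more than one digest across sources, which a check of the
    cached copy alone cannot reveal.
    """
    want = parse_distinfo(distinfo_text)[name]
    report, digests = {}, set()
    for source, data in copies.items():
        digest = hashlib.sha256(data).hexdigest()
        digests.add(digest)
        ok = digest == want["SHA256"] and len(data) == want["SIZE"]
        report[source] = "matches distinfo" if ok else "MISMATCH"
    return report, len(digests) > 1

# Constructed stand-ins for the original and the re-rolled tarball.
OLD = b"constructed stand-in for the first 0.8.8f tarball\n"
NEW = b"constructed stand-in for the re-rolled 0.8.8f tarball\n"
NAME = "cacti-0.8.8f.tar.gz"
# distinfo still records the first tarball, as the ports tree did here.
STALE_DISTINFO = "SHA256 (%s) = %s\nSIZE (%s) = %d\n" % (
    NAME, hashlib.sha256(OLD).hexdigest(), NAME, len(OLD))
COPIES = {"local cache": OLD, "fallback mirror": OLD, "upstream site": NEW}

if __name__ == "__main__":
    report, rerolled = audit_sources(STALE_DISTINFO, NAME, COPIES)
    for source, status in report.items():
        print("%-16s %s" % (source, status))
    print("same filename, different content:", rerolled)
```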