mailing list archives
Re: CVE Request for cacti
From: Robert Buchholz <rbu () gentoo org>
Date: Mon, 18 May 2009 17:16:50 +0200
On Friday 15 May 2009, Henri Salo wrote:
I would like to obtain CVE identifier for security bug in
cacti. I beleive this version of cacti is still used in some
The resolution indicates the bug had already been fixed at the time the
bug was reported, thus implying it was a duplicate report of
CVE-2008-0783. The CVE-2008-0783 patch  explicitly validates
the 'action' variable as mentioned in the bug report.
However, the original poster reported the 0.8.6i-3.4 Debian revision as
vulnerable and according to DSA 1569-2 , it should not have been.
Do you have any indication this is not covered by CVE-2008-0783?
Description: This is a digitally signed message part.