rpms/cacti
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update %changelog for unresolved CVE-2014-2327

Browse Source 
CVE-2014-2327, missing CSRF token, is not yet resolved. It is still
tracked at RHBZ #1082122.

Tony Roman <troman@cacti.net> wrote at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768:

  "As for CVE-2014-2327 Cross Site Request Forgery Vulnerability, I'm still
  working on a solution.  I have some limited time this weekend to work on
  this fix.  But I will be on the west coast for business this next week
  and will have time at night to work on this fix."
This commit is contained in:
Ken Dreyer 2014-04-07 19:05:09 -05:00
parent e04c03e57b
commit 068065e6ac
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cacti.spec
View File

@ -198,7 +198,6 @@ rm -rf %{buildroot}
- Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php
(RHBZ #1084258)
- Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122)
- Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122)
- Patch for CVE-2014-2328 use of exec-like function calls without safety
checks allow arbitrary command execution (RHBZ #1082122)