Cacti / cacti

Cacti ™
http://www.cacti.net
GNU General Public License v2.0

CVE-2024-27082 commit #5798

Closed bastien-roucaries closed 2 months ago

bastien-roucaries commented 3 months ago

Hi,

Can you give me the commit fixing this CVE?

Thanks

rouca

TheWitness commented 3 months ago

You can simply upgrade to 1.2.27. It's a stable release. Was there some other reason?

bastien-roucaries commented 3 months ago

We want to be sure the bug is closed and that we could not reproduce it. And at Debian we also try to backport.

TheWitness commented 3 months ago

There were a few commits for this. We started with one framework, but at the recommendation of the reporter, we switched to another framework:

https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643
https://github.com/Cacti/cacti/commit/593ca99b7716acdaa6f6149b89662de9312376ef
https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b
https://github.com/Cacti/cacti/commit/9c75f8da5b609d17c8c031fd46362f730358b792
https://github.com/Cacti/cacti/commit/6a82fa1abe81d96238a87727087572ff749d0a8d

Yea, quite messy, but you can dig through them and pull it all together I think.
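One way to "pull it all together" for a distribution backport, as an added example that is not part of this thread or of the Cacti project: a POSIX shell helper that cherry-picks a list of upstream commits, in merge order, onto the release being patched inside a throwaway git worktree, writes a single combined diff, and then checks that the diff applies to a target tree. It assumes git is installed, that the repository directory is a local clone of the upstream project, and that the caller supplies the base ref (the tag of the packaged version); the function names, the commit-author identity used for the temporary cherry-picks and the placeholder tag in the usage comment are the editor's own, not Cacti tooling.

```shell
#!/bin/sh
# Build one backport patch from several non-contiguous upstream commits.
# Editor's example helper; function names and arguments are assumptions, not Cacti tooling.
#
# Usage: combine_backport <repo-dir> <base-ref> <out-file> <commit>...
#   repo-dir  local clone of the upstream repository (e.g. a Cacti checkout)
#   base-ref  tag or commit of the version being patched (the packaged release)
#   out-file  path of the combined diff to write
#   commit... upstream fix commits, in the order they were merged upstream
combine_backport() {
    repo=$1; base=$2; out=$3; shift 3
    tmp=$(mktemp -d) || return 1
    work=$tmp/wt
    # A detached worktree at the base ref leaves the caller's own checkout untouched.
    git -C "$repo" worktree add --detach "$work" "$base" >/dev/null 2>&1 || { rm -rf "$tmp"; return 1; }
    for c in "$@"; do
        # -x appends "(cherry picked from commit ...)" so every hunk stays traceable upstream.
        # The author identity is a throwaway value for the temporary commits only.
        if ! git -C "$work" -c user.name=backport -c user.email=backport@example.invalid \
                cherry-pick -x "$c" >/dev/null 2>&1; then
            echo "cherry-pick of $c onto $base does not apply cleanly; resolve by hand" >&2
            git -C "$work" cherry-pick --abort >/dev/null 2>&1
            git -C "$repo" worktree remove --force "$work" >/dev/null 2>&1
            rm -rf "$tmp"
            return 1
        fi
    done
    # One diff from the base ref to the tip of the cherry-picked chain is the backport patch;
    # commits that were not cherry-picked (unrelated upstream work) do not appear in it.
    git -C "$work" diff "$base" HEAD > "$out"
    git -C "$repo" worktree remove --force "$work" >/dev/null 2>&1
    rm -rf "$tmp"
}

# Verify that a combined patch applies to a target tree without modifying it.
# Usage: check_applies <target-dir> <patch-file>
check_applies() {
    git -C "$1" apply --check "$2"
}

# Invocation for the six commits listed in the thread (not run here; needs a Cacti clone,
# and <packaged-tag> stands for the tag of the version being patched):
# combine_backport ./cacti <packaged-tag> cve-2024-27082.patch \
#     58a980f335980ab57659420053d89d4e721ae3fc 73d9a60e24d6d826e6343b94d833b48c28b68643 \
#     593ca99b7716acdaa6f6149b89662de9312376ef 59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b \
#     9c75f8da5b609d17c8c031fd46362f730358b792 6a82fa1abe81d96238a87727087572ff749d0a8d
# check_applies ./cacti-packaged cve-2024-27082.patch
```

The helper stops at the first commit that does not cherry-pick cleanly and leaves the worktree removed, so a conflict has to be resolved by hand (typically by cherry-picking that commit interactively and re-running with the resolved commit). Running `check_applies` against the unpacked packaged source, rather than against the upstream clone, is the check that matters for the distribution: it confirms the combined diff is self-consistent on the tree it will actually be applied to.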