[ubuntu/bionic-proposed] cacti 1.1.37+ds1-1 (Accepted)
Jeremy Bicha
jeremy at bicha.net
Sat Apr 14 02:15:05 UTC 2018
cacti (1.1.37+ds1-1) unstable; urgency=medium
  * New upstream release 1.1.37
  * CVE-2018-10059: (XSS) the get_current_page function in
    lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
    $_SERVER['SCRIPT_NAME'] to determine a page name
  * CVE-2018-10060: (XSS) does not properly reject unintended characters,
    related to use of the sanitize_uri function in lib/functions.php
  * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
    ENT_QUOTES flag
Date: 2018-04-12 22:27:15.825512+00:00
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/cacti/1.1.37+ds1-1
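The PHP_SELF and ENT_QUOTES entries above (CVE-2018-10059 and CVE-2018-10061), shown as an added PHP example. This is not Cacti's code or the upstream patch. All function names are hypothetical and the request values are constructed. It contrasts a page name taken from PHP_SELF with one taken from SCRIPT_NAME, and ENT_COMPAT escaping with ENT_QUOTES escaping inside a single-quoted attribute.

```php
<?php
// Added illustration, not Cacti source. All function names are hypothetical.

// Constructed request values: PHP_SELF includes the client-supplied PATH_INFO
// suffix, while SCRIPT_NAME is only the path of the script that was executed.
$server = [
    'SCRIPT_NAME' => '/cacti/graph_view.php',
    'PHP_SELF'    => "/cacti/graph_view.php/x' data-injected='1",
];

// Weak: the page name comes from PHP_SELF, so the client-chosen suffix survives.
function page_name_weak(array $server): string {
    return basename($server['PHP_SELF']);
}

// Hardened: the page name comes from SCRIPT_NAME only.
function page_name_hardened(array $server): string {
    return basename($server['SCRIPT_NAME']);
}

// Weak: ENT_COMPAT (the default before PHP 8.1) leaves single quotes unescaped.
function attr_weak(string $value): string {
    return htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
}

// Hardened: ENT_QUOTES escapes both double and single quotes.
function attr_hardened(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Render the page name into a single-quoted attribute, as a template might.
function render(string $escaped): string {
    return "<input type='hidden' name='page' value='" . $escaped . "'>";
}

$cases = [
    'PHP_SELF + ENT_COMPAT'    => attr_weak(page_name_weak($server)),
    'PHP_SELF + ENT_QUOTES'    => attr_hardened(page_name_weak($server)),
    'SCRIPT_NAME + ENT_QUOTES' => attr_hardened(page_name_hardened($server)),
];

foreach ($cases as $label => $escaped) {
    printf("%-26s %s\n", $label . ':', render($escaped));
}
```

Only the first case lets the quote in the path suffix close the attribute. Either fix alone contains this input, and applying both gives defence in depth.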