Bug 10951

Summary: cacti: SQL injection and shell escaping issues
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: cacti CVE:
Status comment:

Description Oden Eriksson 2013-08-07 12:29:18 CEST 
http://www.cacti.net/changelog.php

0.8.8b
 
bug: Fixed issue with custom data source information being lost when saved from edit
bug: Repopulate the poller cache on new installations
bug: Fix issue with poller not escaping the script query path correctly
bug: Allow snmpv3 priv proto none
bug: Fix issue where host activate may flush the entire poller item cache
security: SQL injection and shell escaping issues 








Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-08-07 12:31:31 CEST 
0.8.8b was just submitted to cauldron.
Comment 2 David Walser 2013-08-07 12:42:47 CEST 
Please correct me if I'm wrong, but don't we only have cacti in Cauldron?

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Version: 2 => Cauldron
Resolution: (none) => FIXED

Comment 3 Oden Eriksson 2013-08-07 12:44:17 CEST 
Yep.