File _patchinfo of Package patchinfo

<patchinfo incident="12545">
  <issue tracker="cve" id="2020-7106"/>
  <issue tracker="bnc" id="1163749">VUL-0: CVE-2020-7106: cacti: Lack of escaping on some pages can lead to XSS exposure</issue>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for cacti, cacti-spine</summary>
  <description>This update for cacti, cacti-spine fixes the following issues:

cacti-spine and cacti were updated to 1.2.12:

cacti fixes:

* CVE-2020-7106: Lack of escaping of color items can lead to XSS
  exposure (boo#1163749)
* Fix multiple graphing bugs and web UI issues
* Fix multiple warnings, PHP Exceptions and errors
* Content-Security-Policy prevents External Links from being opened
* Prevent runtime memory issues by increasing memory limit
* Improve SNMPv3 handling

cacti-spine fixes:

* Failed host lookup causes spine to crash

</description>
</patchinfo>