Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:7205
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo incident="7205"> <issue id="1054742" tracker="bnc">VUL-0: CVE-2017-12978: cacti: lib/html.php in Cacti before 1.1.18 has XSS via the title field of anexternal link added by an authenticated user.</issue> <issue id="1054390" tracker="bnc">VUL-0: CVE-2017-12927: cacti: XSS in methodparameter in spikekill.php.</issue> <issue id="2017-12978" tracker="cve" /> <issue id="2017-12927" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>AndreasStieger</packager> <description>This update for cacti and cacti-spine fixes security issues and bugs. The following vulnerabilities were fixed: * CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390) * CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742) It also contains all upstream bug fixes and improvements in the 1.1.18 release: * Sort devices by polling time to allow long running d * Allow user to hide Graphs from disabled Devices * Create a separate Realm for Realtime Graphs * Fix various JavaScript errors * updated translations * Can now export Device table results to CSV * Allow Log Rotation to be other than Daily, and other log rotation improvements </description> <summary>Security update for cacti, cacti-spine</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor