268742 – net-mgmt/cacti: Update to 1.2.23

Bug 268742 - net-mgmt/cacti: Update to 1.2.23

Summary: net-mgmt/cacti: Update to 1.2.23

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Fernando Apesteguía

URL:	https://www.cacti.net/info/changelog
Keywords:	security

Depends on:
Blocks:

Reported:	2023-01-04 06:48 UTC by Michael Muenz
Modified:	2023-01-05 19:39 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	fernape: merge-quarterly+

Attachments
cacti 1.2.23 (8.52 KB, patch) 2023-01-04 06:48 UTC, Michael Muenz	m.muenz: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Muenz 2023-01-04 06:48:39 UTC

Created attachment 239247 [details]
cacti 1.2.23

- update to latest version
- poudriere testport runs without errors
- poudriere builk builds fine pkg

Comment 1 Fernando Apesteguía freebsd_committer

2023-01-05 06:45:03 UTC

This update fixes CVE-2022-46169. Note to self: a VuXml entry is needed.

Comment 2 commit-hook freebsd_committer

2023-01-05 19:37:00 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=32bac56e98aad752f05a3fb9d2cff5310d02d94e

commit 32bac56e98aad752f05a3fb9d2cff5310d02d94e
Author:     Michael Muenz <m.muenz@gmail.com>
AuthorDate: 2023-01-05 06:41:37 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-05 19:32:22 +0000

    net-mgmt/cacti: Update to 1.2.23

    ChangeLog: https://www.cacti.net/info/changelog

    PR:             268742
    Reported by:    m.muenz@gmail.com (maintainer)
    MFH:            2023Q1  (security fix)
    Security:       CVE-2022-46169

 net-mgmt/cacti/Makefile  |  2 +-
 net-mgmt/cacti/distinfo  |  6 +++---
 net-mgmt/cacti/pkg-plist | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 4 deletions(-)

Comment 3 commit-hook freebsd_committer

2023-01-05 19:38:01 UTC

A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6c9b41c7dfb53e7c4421b237816f3b12574cc31c

commit 6c9b41c7dfb53e7c4421b237816f3b12574cc31c
Author:     Michael Muenz <m.muenz@gmail.com>
AuthorDate: 2023-01-05 06:41:37 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-05 19:33:22 +0000

    net-mgmt/cacti: Update to 1.2.23

    ChangeLog: https://www.cacti.net/info/changelog

    PR:             268742
    Reported by:    m.muenz@gmail.com (maintainer)
    MFH:            2023Q1  (security fix)
    Security:       CVE-2022-46169

    (cherry picked from commit 32bac56e98aad752f05a3fb9d2cff5310d02d94e)

 net-mgmt/cacti/Makefile  |  2 +-
 net-mgmt/cacti/distinfo  |  6 +++---
 net-mgmt/cacti/pkg-plist | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 4 deletions(-)

Comment 4 commit-hook freebsd_committer

2023-01-05 19:39:02 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dded4914bc3a4cfca23e131af011b2168cb08a34

commit dded4914bc3a4cfca23e131af011b2168cb08a34
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-01-05 19:30:21 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-05 19:34:06 +0000

    security/vuxml: Add net-mgmt/cacti vulnerability

    A command injection vulnerability allows an unauthenticated user to execute
    arbitrary code on a server running Cacti, if a specific data source was selected
    for any monitored device.

    PR:     268742

 security/vuxml/vuln/2023.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

Comment 5 Fernando Apesteguía freebsd_committer

2023-01-05 19:39:26 UTC

Committed, merged to 2023Q1 and added VuXML entry.

Thanks!