Created attachment 167335
Update to 0.8.8g

To committer: After applying attached patch, please REMOVE the file 'files/patch-CVE-2015-8369' as it is no longer needed. It has been incorporated in the upstream codebase.

Poudriere testport logs at: https://poudriere2.dan.tm/poudriere/data/latest-per-pkg/cacti/0.8.8g/

Also, please merge into the quarterly branch as this update may contain additional security patches.

Assign to committer that resolved: https://svnweb.FreeBSD.org/changeset/ports/409474

A commit references this bug:

Author: junovitch
Date: Wed Mar 2 02:28:46 UTC 2016
New revision: 409906
URL: https://svnweb.freebsd.org/changeset/ports/409906

Log:
  Document SQL injection and authentication bypass in Cacti

  Note CVE-2015-8369/upstream bug 0002646: SQL injection in graph.php was also
  fixed in this release but that was backported to 0.8.8f and is covered in a
  prior entry.

  PR: 207444
  Security: CVE-2015-8377
  Security: CVE-2015-8604
  Security: CVE-2016-2313
  Security: https://vuxml.FreeBSD.org/freebsd/db3301be-e01c-11e5-b2bd-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Wed Mar 2 02:32:25 UTC 2016
New revision: 409907
URL: https://svnweb.freebsd.org/changeset/ports/409907

Log:
  MFH: r409474

  Update to 0.8.8g

  PR: 207444
  Security: CVE-2015-8377
  Security: CVE-2015-8604
  Security: CVE-2016-2313
  Security: https://vuxml.FreeBSD.org/freebsd/db3301be-e01c-11e5-b2bd-002590263bf5.html
  Approved by: ports-secteam (with hat)

Changes:
  _U branches/2016Q1/
  branches/2016Q1/net-mgmt/cacti/Makefile
  branches/2016Q1/net-mgmt/cacti/distinfo
  branches/2016Q1/net-mgmt/cacti/files/patch-CVE-2015-8369
  branches/2016Q1/net-mgmt/cacti/pkg-plist

Close, post close addition of keywords, set merge-quarterly+ and add port-secteam@ as a follow up on any CCs.