security/vuxml: Document vulnerability in cacti
Closed, Public

Authored by dbaio on Sun, Jul 16, 11:38 AM.

Details

Summary
security/vuxml: Document vulnerability in cacti

Security:	CVE-2017-10970

Approved by:	garga (mentor), ???
Differential Revision:	https://reviews.freebsd.org/D11611

Test Plan
$ make validate
/bin/sh /usr/home/dbaio/FreeBSD/ports_head/security/vuxml/files/tidy.sh "/usr/home/dbaio/FreeBSD/ports_head/security/vuxml/files/tidy.xsl" "/usr/home/dbaio/FreeBSD/ports_head/security/vuxml/vuln.xml" > "/usr/home/dbaio/FreeBSD/ports_head/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/dbaio/FreeBSD/ports_head/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/home/dbaio/FreeBSD/ports_head/security/vuxml/files/extra-validation.py /usr/home/dbaio/FreeBSD/ports_head/security/vuxml/vuln.xml
$ pkg audit -f ./vuln.xml cacti-1.1.12
cacti-1.1.12 is vulnerable:
Cacti -- Cross-site scripting (XSS) vulnerability in link.php
CVE: CVE-2017-10970
WWW: https://vuxml.FreeBSD.org/freebsd/dc3c66e8-6a18-11e7-93af-005056925db4.html
1 problem(s) in the installed packages found.

$ pkg audit -f ./vuln.xml cacti-1.0.0
cacti-1.0.0 is vulnerable:
Cacti -- Cross-site scripting (XSS) vulnerability in link.php
CVE: CVE-2017-10970
WWW: https://vuxml.FreeBSD.org/freebsd/dc3c66e8-6a18-11e7-93af-005056925db4.html
1 problem(s) in the installed packages found.

$ pkg audit -f ./vuln.xml cacti-1.1.13
0 problem(s) in the installed packages found.

$ pkg audit -f ./vuln.xml cacti-0.88
0 problem(s) in the installed packages found.

$ portlint -C
looks fine.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 10513
Build 10922: arc lint + arc unit
dbaio created this revision. Sun, Jul 16, 11:38 AM
garga accepted this revision. Mon, Jul 17, 11:54 AM
This revision has a positive review. Mon, Jul 17, 11:54 AM
dbaio closed this revision. Mon, Jul 17, 3:11 PM