[Pkg-graphite-maint] Bug#720454: Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution
carnil at debian.org
Sat Aug 24 08:25:54 UTC 2013
Hi Jonas, Hi Mathieu
On Thu, Aug 22, 2013 at 10:05:59AM +0200, Jonas Genannt wrote:
> I have added the patch to fix a security problem in graphite-web. It's
> available in git. Could you please upload graphite-web to unstable?
Thanks for the quick reaction on this bugreport! Btw, it might make
sense to straight update to the newest upstream version for this, as
graphite-web is only in jessie and sid, and the new upstream version
fixes also other fixes for cross-site scripting vulnerabilities.
More information about the Pkg-graphite-maint