[Pkg-graphite-maint] Bug#720454: Bug#720454: Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution

Jonas Genannt jonas.genannt at capi2name.de
Sat Aug 24 15:45:17 UTC 2013


> Thanks for the quick reaction on this bugreport! Btw, it might make
> sense to straight update to the newest upstream version for this, as
> graphite-web is only in jessie and sid, and the new upstream version
> fixes also other fixes for cross-site scripting vulnerabilities.

I will package the new upstream version soon. But I have seen many changes in upstream,
it will take time to package all three packages (whisper, carbon, web).

That's why I have done an quick fix with the patch, new upstream version will follow soon.

@Salvatore, if you have spare time, perhaps you can upload graphite-web, if Mathieu has
no time?


More information about the Pkg-graphite-maint mailing list