[Pkg-graphite-maint] Bug#720454: Bug#720454: Bug#720454: graphite-web: CVE-2013-5093: Graphite remote code execution
Jonas Genannt
jonas.genannt at capi2name.de
Sat Aug 24 15:45:17 UTC 2013
Hello,
> Thanks for the quick reaction on this bugreport! Btw, it might make
> sense to straight update to the newest upstream version for this, as
> graphite-web is only in jessie and sid, and the new upstream version
> fixes also other fixes for cross-site scripting vulnerabilities.
I will package the new upstream version soon. But I have seen many changes in upstream,
it will take time to package all three packages (whisper, carbon, web).
That's why I have done an quick fix with the patch, new upstream version will follow soon.
@Salvatore, if you have spare time, perhaps you can upload graphite-web, if Mathieu has
no time?
Thanks,
Jonas
More information about the Pkg-graphite-maint
mailing list