forked from Cacti/cacti
-
Notifications
You must be signed in to change notification settings - Fork 0
Security Notes
Jing Chen edited this page Feb 23, 2024
·
2 revisions
- In Cacti:
- Reported issues: https://github.com/Cacti/cacti/issues/2508
- File Location: https://github.com/Cacti/cacti/tree/develop/include/vendor/phpgettext
- Patched on 1.0.12(Until Cacti v1.2.26):
- Old Repo(1.0.8 until Nov 2009):
- Web: https://savannah.nongnu.org/projects/php-gettext/
- cvs -z3 -d:pserver:anonymous@cvs.savannah.nongnu.org:/web/php-gettext co php-gettext
- Original Repo(1.0.12 until Nov, 2015):
- Web: https://launchpad.net/php-gettext
- bzr branch lp:php-gettext
- Modified Repo(1.0.12-6 until Feb, 2024), included two CVE fixing: CVE-2015-8980, CVE-2016-6175
- Web: https://launchpad.net/ubuntu/+source/php-gettext
- git clone https://git.launchpad.net/ubuntu/+source/php-gettext
- Download/Install-able from Ubuntu pool universe channel
- Another topic for CVE-2016-6175:
- In Cacti:
- v6.1.8 (Until Cacti v1.2.26), a obsoleted file phpmailer.lang-am.php since v6.1.6
- The latest release: v6.9.1, including:
- Security Fixing: CVE-2020-36326, CVE-2018-19296(6.1.8+), CVE-2021-3603, CVE-2021-34551
- Various fixing for PHP 8.x compatibility (Until v6.9.0)
- v2.0.46 in Cacti until Feb 22 2024
- In Cacti
- Reported issues: https://github.com/Cacti/cacti/issues/4521: Related to PHP 8.1, finally revert 5.6.1
- File Location:
- gettext: patched on v4.6.3 (Until Cacti 1.2.26):
- cldr-to-gettext-plural-rules: add 9747cd78 commit on top of v2.5.0
- Current Official Repo:
- cacti->gettext:
- cacti->cldr-to-gettext-plural-rules:
- The latest gettext 4.8.11, cldr-to-gettext-plural-rules is 2.10.0, including
- Various fixing for PHP 8.x compatibility