Cacti upstream's svn [1] has a fix for CVE-2014-4002. No more technical information is available unfortunately. It might be that also the change before this revision is also involved [2]. [1] http://svn.cacti.net/viewvc?view=rev&revision=7452 [2] http://svn.cacti.net/viewvc?view=rev&revision=7451
Created cacti tracking bugs for this issue: Affects: fedora-all [bug 1113036] Affects: epel-all [bug 1113037]
cacti-0.8.8b-7.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-7.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
cacti-0.8.8b-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
This release is buggy. It completely breaks the ability to add graphs to a tree. Please see: http://svn.cacti.net/viewvc/cacti/branches/0.8.8/graphs.php?r1=7452&r2=7458 which is an absolutely necessary fix. If you'd like I can open a different bug report, but comment#3 suggests to make note of it in this report...
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.