aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T13:38:45Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5251
[3.3] putty: old-style scp downloads may allow remote code execution (CVE-2016-2563)
2019-07-23T13:38:45Z
Alicha CH

Prior to any download in the SCP sink protocol, the server sends a line
of text consisting
of an octal number encoding Unix file permissions, a decimal number
encoding the file size,
and the file name. Since the file size can exceed 2^32 bytes, and in some
compilation configurations
of PuTTY the host platform’s largest integer type is only 32 bits wide,
PuTTY extracts the decimal
file size into a temporary string variable to send to its own 64-bit
decimal decoding function.
### Fixed In Version:
putty 0.67
### References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2563
http://seclists.org/fulldisclosure/2016/Mar/22
### Patch:
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
*(from redmine: issue id 5251, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
  * parent #5249
* Changesets:
  * Revision da0edcfa06c5c38fce0fd1a83a92ca3a3d9303f6 on 2016-03-14T10:21:01Z:
```
main/putty: security upgrade to 0.67 (CVE-2016-2563). Fixes #5251
(cherry picked from commit 7c18b536e1c1329ab8466eb402c956ebfff315ba)
```
3.3.2
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5202
[3.3] cacti: SQL injection in graphs_new.php via cg_g parameter (CVE-2015-8604)
2019-07-23T13:39:34Z
Alicha CH

An SQL injection in graphs\_new.php via cg\_g parameter was found
affecting version 0.8.8f and older.
Note that this is different from CVE-2015-8377.
### References:
http://seclists.org/oss-sec/2016/q1/15
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8604
### Patch:
http://bugs.cacti.net/view.php?id=2652
*(from redmine: issue id 5202, created on 2016-03-01, closed on 2016-03-07)*
* Relations:
  * parent #5200
* Changesets:
  * Revision 6c80b2936408ee03f85d824010c7cb7a789074a3 on 2016-03-04T11:10:22Z:
```
main/cacti: security fix (CVE-2015-8604). Fixes #5202
(cherry picked from commit 81eb7e3b062d62dff1b82864cdd42732b50f4a9c)
```
3.3.2
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4994
[3.3] cacti: Security issues (CVE-2015-8369, CVE-2015-8377)
2019-07-23T13:42:27Z
Alicha CH

### (CVE-2015-8369) SQL injection in graph.php
SQL Injection of Cacti (0.8.8f and older versions) was discovered in
graph.php
### (CVE-2015-8377) Cacti graphs\_new.php SQL Injection Vulnerability
An SQL injection was found in /cacti/graphs\_new.php, affected versions
0.8.8f and older.
### References:
http://bugs.cacti.net/view.php?id=2646
http://svn.cacti.net/viewvc?view=rev&revision=7767
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti\_sqli%281%29.txt
http://lwn.net/Articles/670044/
*(from redmine: issue id 4994, created on 2016-01-06, closed on 2016-12-15)*
* Relations:
  * parent #4992
* Changesets:
  * Revision b0c8c4440c4cd0eb5b6e618106cdbae99e30b6ea by Natanael Copa on 2016-03-18T09:16:15Z:
```
main/cacti: security upgrade to 0.8.8g (CVE-2015-8369,CVE-2015-8377)
fixes #4994
```
3.3.2
Jeff Bilyk jbilyk@gmail.com