From 068065e6acad0d2e74bb03e7e5e777bbab786eb6 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Apr 08 2014 00:10:14 +0000 Subject: update %changelog for unresolved CVE-2014-2327 CVE-2014-2327, missing CSRF token, is not yet resolved. It is still tracked at RHBZ #1082122. Tony Roman wrote at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768: "As for CVE-2014-2327 Cross Site Request Forgery Vulnerability, I'm still working on a solution. I have some limited time this weekend to work on this fix. But I will be on the west coast for business this next week and will have time at night to work on this fix." --- diff --git a/cacti.spec b/cacti.spec index f4438e8..0624ce8 100644 --- a/cacti.spec +++ b/cacti.spec @@ -198,7 +198,6 @@ rm -rf %{buildroot} - Patch for CVE-2014-2709 shell escaping issues in lib/rrd.php (RHBZ #1084258) - Patch for CVE-2014-2326 stored XSS attack (RHBZ #1082122) -- Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122) - Patch for CVE-2014-2328 use of exec-like function calls without safety checks allow arbitrary command execution (RHBZ #1082122)
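Review bot: In the %changelog hunk of cacti.spec (@@ -198,7 +198,6 @@), removing the "- Patch for CVE-2014-2327 missing CSRF token (RHBZ #1082122)" line leaves the entry silent about that CVE, while the neighbouring lines for CVE-2014-2326 and CVE-2014-2328 still cite RHBZ #1082122, the same bug the commit message says is tracking the unresolved CSRF issue. Someone auditing the package from its changelog could read that bug as fully addressed. Consider replacing the removed line with one that states CVE-2014-2327 is not fixed in this build and is still tracked at RHBZ #1082122, rather than dropping the mention entirely. The diff touches only the changelog, so it is also worth confirming that the rest of the spec carries no patch declaration for this CVE that would now go undocumented.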