Chris Lamb · Chris Lamb · 4ff62e1d · 4ff62e1d
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -219,6 +219,7 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS vi
 CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/issues/3191
+	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
 	- hiredis <unfixed>
 	NOTE: https://github.com/redis/hiredis/issues/747
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -15,6 +15,8 @@ ansible
  NOTE: CVE-2019-14846 should be an easy fix.
  NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
+cacti (Chris Lamb)
+--
 clamav (Hugo Lefeuvre)
  NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
  NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration