Change log for cacti package in Debian
1 → 75 of 144 results
Published in bullseye-release |
cacti (1.2.16+ds1-2+deb11u2) bullseye-security; urgency=high
  * Backport security patches from 1.2.25:
    CVE-2023-39357, CVE-2023-39359, CVE-2023-39361, CVE-2023-39362,
    CVE-2023-39364, CVE-2023-39365, CVE-2023-39513, CVE-2023-39515,
    CVE-2023-39516
 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2023 22:31:19 +0200
Published in sid-release |
cacti (1.2.26+ds1-1) unstable; urgency=medium
  * postinst/postrm: ensure DEBHELPER content is always run
  * New upstream version 1.2.26+ds1
    Fixes the following vulnerabilities:
    CVE-2023-49084, CVE-2023-49085, CVE-2023-49086, CVE-2023-49088
    CVE-2023-46490, CVE-2023-51448 and CVE-2023-50250
    (Closes: #1059254, #1059286)
  * font-awesom-path.patch: refresh
  * Depends on node-dompurify and link purify.js instead of using upstream
    vendored version
 -- Paul Gevers <email address hidden>  Sun, 24 Dec 2023 21:46:33 +0100
Available diffs
- diff from 1.2.25+ds1-2 to 1.2.26+ds1-1 (4.7 MiB)
Published in bookworm-release |
cacti (1.2.24+ds1-1+deb12u1) bookworm-security; urgency=high
  * Backport security patches from 1.2.25:
    CVE-2023-39357, CVE-2023-39358, CVE-2023-39359, CVE-2023-39360,
    CVE-2023-39361, CVE-2023-39362, CVE-2023-39364, CVE-2023-39365,
    CVE-2023-39366, CVE-2023-39510, CVE-2023-39511, CVE-2023-39512,
    CVE-2023-39513, CVE-2023-39514, CVE-2023-39515, CVE-2023-39516
 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2023 22:23:02 +0200
Superseded in sid-release |
cacti (1.2.25+ds1-2) unstable; urgency=medium * change upstream CHANGELOG logic to accommodate Ubuntu FTBFS * Update Vcs to point at Debian namespace to invite others -- Paul Gevers <email address hidden> Thu, 21 Sep 2023 12:56:55 +0200
Superseded in sid-release |
cacti (1.2.25+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.25+ds1
    Fixes the following vulnerabilities:
    CVE-2023-39516, CVE-2023-39515, CVE-2023-39514, CVE-2023-39513,
    CVE-2023-39512, CVE-2023-39510, CVE-2023-39366, CVE-2023-39365,
    CVE-2023-39364, CVE-2023-39362, CVE-2023-39361, CVE-2023-39360,
    CVE-2023-39359, CVE-2023-39358, CVE-2023-39357 and CVE-2023-30534
  * Refresh patches
 -- Paul Gevers <email address hidden>  Wed, 06 Sep 2023 20:58:14 +0200
cacti (1.2.24+ds1-1) unstable; urgency=medium * New upstream version 1.2.24+ds1 * Refresh patches -- Paul Gevers <email address hidden> Wed, 01 Mar 2023 22:06:58 +0100
Available diffs
- diff from 1.2.23+ds1-2 to 1.2.24+ds1-1 (87.9 KiB)
Superseded in sid-release |
cacti (1.2.23+ds1-2) unstable; urgency=medium
  * d/rules: fix for new 'file' behavior (Closes: #1028764)
  * Adapt for changes in php-phpmyadmin-motranslator (Closes: #1028141)
  * d/rules: don't compress CHANGELOG symlink
  * tests: several improvements + re-add my own old check-all-pages
 -- Paul Gevers <email address hidden>  Thu, 19 Jan 2023 10:30:29 +0100
Available diffs
- diff from 1.2.23+ds1-1 to 1.2.23+ds1-2 (4.4 KiB)
Superseded in sid-release |
cacti (1.2.23+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.23+ds1
  * Refresh patches + drop patches from upstream
  * Install all templates during first install instead of only the ones
    from 2017
  * Fix upstream issue #5127: importing templates fails
  * Adapt check_all_pages testing to upstream changes by simplifying
    Debian changes
  * Fix ui-state-default color in classical theme (Closes: #972947)
  * Drop apache2.2 support (only in oldoldoldstable by now)
  * Drop debian/NEWS as it's old
  * Update and add several lintian overrides
  * Don't load external images in documentation to prevent privacy breach:
    remove-external-images.patch
 -- Paul Gevers <email address hidden>  Thu, 05 Jan 2023 10:25:44 +0100
Available diffs
- diff from 1.2.22+ds1-3 to 1.2.23+ds1-1 (3.9 MiB)
Superseded in bullseye-release |
cacti (1.2.16+ds1-2+deb11u1) bullseye-security; urgency=medium
  * Add 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch to fix
    CVE-2022-46169 (Closes: #1025648)
  * Add two patches to fix CVE-2022-0730 (Closes: #1008693)
  * Update configuration template for CVE-2022-46169
 -- Paul Gevers <email address hidden>  Thu, 08 Dec 2022 09:50:14 +0100
Superseded in sid-release |
cacti (1.2.22+ds1-3) unstable; urgency=medium
  [ Athos Ribeiro ]
  * Update installing guides for NO_AUTO_CREATE_USER
  [ Paul Gevers ]
  * Add 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch to fix
    CVE-2022-46169 (Closes: #1025648)
  * Update debian.php.dist for the fix above to incorporate the
    configuration changes in the package defaults
 -- Paul Gevers <email address hidden>  Tue, 06 Dec 2022 22:16:33 +0100
Superseded in sid-release |
cacti (1.2.22+ds1-2) unstable; urgency=medium
  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable)
  * Set upstream metadata fields: Bug-Database, Bug-Submit,
    Repository-Browse.
  * Update standards version to 4.6.1, no changes needed.
  * Remove empty maintainer scripts: cacti (preinst)
  [ Paul Gevers ]
  * Add 31bfd4b5c1d33af02911441111a430597b9f1021.patch to fix php8.2
    deprecation warnings (Closes: #1022229)
 -- Paul Gevers <email address hidden>  Wed, 02 Nov 2022 21:24:38 +0100
Superseded in sid-release |
cacti (1.2.22+ds1-1) unstable; urgency=medium * New upstream version 1.2.22+ds1 * Update 07_cli-include-path.patch -- Paul Gevers <email address hidden> Tue, 06 Sep 2022 21:53:38 +0200
Superseded in sid-release |
cacti (1.2.21+ds1-1) unstable; urgency=medium * New upstream version 1.2.21+ds1 * Refresh and update old patch stack * Replace dependency on libjs-d3 by node-d3 (Closes: #913385) * README.Debian: reorder paragraphs (Closes: #979176) -- Paul Gevers <email address hidden> Thu, 14 Jul 2022 17:05:21 +0200
Superseded in sid-release |
cacti (1.2.20+ds1-2) unstable; urgency=medium * Revert "Replace dependency on libjs-d3 by node-d3" (Opens: #913385) node-d3 isn't ready to replace libjs-d3 as it's not available on armel (bugs filed) -- Paul Gevers <email address hidden> Fri, 22 Apr 2022 20:45:58 +0200
Superseded in sid-release |
cacti (1.2.20+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.20+ds1
    CVE-2022-0730: Under certain ldap conditions, Cacti authentication can
    be bypassed with certain credential types. (Closes: #1008693)
  * d/copyright: update
  * strip away and replace some of the new midwinter theme like we do for
    other themes
  * Refresh patches and drop those that are part of 1.2.20
  * cacti.links: drop dejavu links as cacti now finds system fonts by
    itself
  * Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
  * Replace broken package (Upstream bug: #4685)
  * Fix multiple issues with new cli scripts (detected by test suite
    failure)
 -- Paul Gevers <email address hidden>  Thu, 14 Apr 2022 10:16:39 +0200
Superseded in sid-release |
cacti (1.2.19+ds1-2) unstable; urgency=medium * Support cacti on PHP8.1 by incorporating upstream patches * Support the use of a csrf secret key out of the box -- Paul Gevers <email address hidden> Sun, 19 Dec 2021 22:03:28 +0100
Superseded in sid-release |
cacti (1.2.19+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.19+ds1
    - billboard.js replaces c3.*
    - Drop obsolete patches
    - Update 07_cli-include-path.patch to cover new cli
  * watch: update to scan github as the downloads page doesn't work
    anymore
  * Building documentation in .github fails, don't do that as it's not
    needed anyways
  * [tests] use upstream's version of check_all_pages, but adapted
  * [tests] run upstream check_cli_version.sh test
 -- Paul Gevers <email address hidden>  Mon, 22 Nov 2021 20:30:48 +0100
Published in buster-release |
cacti (1.2.2+ds1-2+deb10u4) buster; urgency=medium
  * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
    - CVE-2020-35701: SQL injection via data_debug.php
  * Add 0001-Fixing-Issue-4019.patch
    There are a few places in the current code where an attacker, once
    having gained access to the Cacti database through a SQL injection,
    could modify data in tables to possibly expose a stored XSS bug in
    Cacti.
 -- Paul Gevers <email address hidden>  Thu, 21 Jan 2021 20:16:38 +0100
cacti (1.2.16+ds1-2) unstable; urgency=medium
  * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
    - CVE-2020-35701: SQL injection via data_debug.php
  * Add 0001-Fixing-Issue-4019.patch
    There are a few places in the current code where an attacker, once
    having gained access to the Cacti database through a SQL injection,
    could modify data in tables to possibly expose a stored XSS bug in
    Cacti.
 -- Paul Gevers <email address hidden>  Sun, 17 Jan 2021 21:26:01 +0100
Superseded in sid-release |
cacti (1.2.16+ds1-1) unstable; urgency=medium * New upstream release 1.2.16 -- Paul Gevers <email address hidden> Fri, 11 Dec 2020 21:54:47 +0100
Superseded in sid-release |
cacti (1.2.15+ds1-2) unstable; urgency=medium * Add upstream patch to fix autopkgtest failure: 643766b909d0824b08c2ab6c7a82ac0055a5d730.patch -- Paul Gevers <email address hidden> Fri, 06 Nov 2020 20:32:36 +0100
Superseded in sid-release |
cacti (1.2.15+ds1-1) unstable; urgency=medium * New upstream version 1.2.15 * Update font-awesome-path.patch -- Paul Gevers <email address hidden> Tue, 03 Nov 2020 21:57:12 +0100
Superseded in sid-release |
cacti (1.2.14+ds1-1) unstable; urgency=medium * New upstream version 1.2.14 -- Paul Gevers <email address hidden> Thu, 27 Aug 2020 10:55:38 +0200
Superseded in buster-release |
cacti (1.2.2+ds1-2+deb10u3) buster; urgency=medium
  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
    arguments (Upstream bug #3245)
  * CVE-2020-7237: Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. OS commands are executed when a new poller
    cycle begins. The attacker must be authenticated, and must have access
    to modify the Performance Settings of the product. (Closes: #949997)
  * CVE-2020-7106: XSS in data_sources.php, color_templates_item.php,
    graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,
    and user_group_admin.php, as demonstrated by the description parameter
    in data_sources.php (a raw string from the database that is displayed
    by $header to trigger the XSS). (Closes: #949996)
  * CVE-2020-13230: Disabling a user account does not immediately
    invalidate any permissions granted to that account (e.g., permission
    to view logs)
  * CVE-2020-13231: auth_profile.php?action=edit allows CSRF for an admin
    email change
 -- Paul Gevers <email address hidden>  Thu, 18 Jun 2020 22:34:41 +0200
Superseded in sid-release |
cacti (1.2.13+ds1-2) unstable; urgency=medium * Enable upstream CHANGELOG to be viewed -- Paul Gevers <email address hidden> Fri, 31 Jul 2020 21:31:50 +0200
Superseded in sid-release |
cacti (1.2.13+ds1-1) unstable; urgency=medium * New upstream version 1.2.13 - refresh 07_cli-include-path.patch -- Paul Gevers <email address hidden> Mon, 27 Jul 2020 21:39:25 +0200
Superseded in sid-release |
cacti (1.2.12+ds1-1) unstable; urgency=medium * New upstream version 1.2.12 * Bump libphp-phpmailer dependency * Update debian.php.dist to match updated include/config.php -- Paul Gevers <email address hidden> Thu, 07 May 2020 22:09:43 +0200
Superseded in sid-release |
cacti (1.2.11+ds1-1) unstable; urgency=medium * New upstream version 1.2.11 - Refresh patch * Update debian.php.dist to match updated include/config.php -- Paul Gevers <email address hidden> Tue, 07 Apr 2020 22:22:16 +0200
Superseded in sid-release |
cacti (1.2.10+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.10
    CVE-2020-8813 graph_realtime.php allows remote attackers to execute
    arbitrary OS commands via shell metacharacters in a cookie, if a guest
    user has the graph real-time privilege (Closes: 951832)
 -- Paul Gevers <email address hidden>  Sun, 08 Mar 2020 21:26:46 +0100
Superseded in sid-release |
cacti (1.2.9+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php, color_templates_item.php,
    graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,
    and user_group_admin.php, as demonstrated by the description parameter
    in data_sources.php (Closes: #949997)
 -- Paul Gevers <email address hidden>  Thu, 13 Feb 2020 20:38:01 +0100
Published in stretch-release |
cacti (0.8.8h+ds1-10+deb9u1) stretch-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * CVE-2019-17358: insufficient validation of form input leading to
    unsafe unserialization operations and memory corruption
    (Closes: #947375).
 -- Hugo Lefeuvre <email address hidden>  Sun, 29 Dec 2019 20:37:02 +0100
Superseded in buster-release |
cacti (1.2.2+ds1-2+deb10u2) buster-security; urgency=medium
  * Non-maintainer upload by the Security Team.
  * Acknowledgements to Paul Gevers!
  * CVE-2019-17358: insufficient validation of form input leading to
    unsafe unserialization operations and memory corruption
    (Closes: #947375).
  * CVE-2019-17357: SQL injection vulnerability in graphs.php
    (Closes: #947374).
  * CVE-2019-16723: Authentication bypass allows unprivileged users to
    view all graphs (Closes: #941036).
 -- Hugo Lefeuvre <email address hidden>  Sun, 29 Dec 2019 19:53:28 +0100
Superseded in sid-release |
cacti (1.2.8+ds1-1) unstable; urgency=medium
  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializing data, ensure basic sanitization has
    been performed (Closes: #947375)
 -- Paul Gevers <email address hidden>  Sat, 28 Dec 2019 17:44:58 +0100
Superseded in sid-release |
cacti (1.2.7+ds1-1) unstable; urgency=medium * New upstream version 1.2.7+ds1 CVE-2019-16723 Security issue allows to view all graphs (Closes: #941036) * Refresh and drop patches to match upstream -- Paul Gevers <email address hidden> Sun, 06 Oct 2019 22:10:41 +0200
Superseded in sid-release |
cacti (1.2.6+ds1-3) unstable; urgency=medium * Add 0001-Resolving-Issue-2984.patch to fix CI error -- Paul Gevers <email address hidden> Sat, 28 Sep 2019 10:49:29 +0200
Superseded in sid-release |
cacti (1.2.6+ds1-2) unstable; urgency=medium
  [ Paul Gevers ]
  * Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
    upstream
  * Apache skipped the php section in apache.conf since PHP 7
    (Closes: #934898)
  * Translations were broken since 1.2.4+ds1-1. Import upstream solution
    enabling the use of php-phpmyadmin-motranslator.
  [ Rafael David Tinoco ]
  * Prepare sql commands for MySQL 8 (See: #933683)
 -- Paul Gevers <email address hidden>  Tue, 17 Sep 2019 20:31:04 +0200
Superseded in sid-release |
cacti (1.2.6+ds1-1) unstable; urgency=medium * New upstream release 1.2.6 - Refresh 07_cli-include-path.patch * Remove obsolete link to phpgettext -- Paul Gevers <email address hidden> Thu, 05 Sep 2019 17:47:08 +0200
Superseded in buster-release |
cacti (1.2.2+ds1-2+deb10u1) buster; urgency=medium
  * Depends i.s.o. Recommends on php-gmp as this is now a requirement of
    the upstream code (Closes: #930252)
  * Fix reading of snmp gauges (0001-Resolving-issue-2474.patch)
    (Closes: #930254)
  * Fix upgrade from stretch (0001-Resolving-issue-2482.patch); the
    upgrade code attempted to drop a non-existing primary key
    (Closes: #931702)
 -- Paul Gevers <email address hidden>  Tue, 16 Jul 2019 21:40:32 +0200
Superseded in sid-release |
cacti (1.2.4+ds1-2) unstable; urgency=medium * tests: add new IMPORT messages to ignore filter -- Paul Gevers <email address hidden> Mon, 15 Jul 2019 19:33:58 +0200
Available diffs
- diff from 1.2.2+ds1-2 to 1.2.4+ds1-2 (2.8 MiB)
- diff from 1.2.4+ds1-1 to 1.2.4+ds1-2 (741 bytes)
Superseded in sid-release |
cacti (1.2.4+ds1-1) unstable; urgency=medium
  * New upstream release 1.2.4
    - Fixed upgrade script (Closes: #931702)
    - Fixed snmp gauges (Closes: #930254)
  * Depends i.s.o. Recommends on php-gmp (Closes: #930252)
  * Drop dependency on php-php-gettext as it is optional for cacti and
    it's going to be removed due to CVE-2016-6175
  * Refresh patches
  * Update d/debian.php.dist with changes in include/config.php
 -- Paul Gevers <email address hidden>  Sun, 14 Jul 2019 21:33:08 +0200
cacti (1.2.2+ds1-2) unstable; urgency=medium
  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
    CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
    before printing out the value of the SNMP community string (SNMP
    Options) in the View poller cache, leading to XSS.
 -- Paul Gevers <email address hidden>  Tue, 09 Apr 2019 20:42:38 +0200
Available diffs
- diff from 1.2.2+ds1-1 to 1.2.2+ds1-2 (1.3 KiB)
cacti (1.2.2+ds1-1) unstable; urgency=medium
  * New upstream release 1.2.2
  * tests: add one more exception for Ubuntu (Closes: #922437)
  * Depend on fonts-fork-awesome instead of fonts-font-awesome
    (Closes: #922779)
  * Fix typo in debian.php.dist (Closes: #922651)
 -- Paul Gevers <email address hidden>  Tue, 26 Feb 2019 21:48:07 +0100
Available diffs
- diff from 1.2.1+ds1-2 to 1.2.2+ds1-1 (1.9 MiB)
cacti (1.2.1+ds1-2) unstable; urgency=medium * tests: add some items back that are seen on Ubuntu's setup * Migrate from libjs-chartjs to libjs-chart.js due to bug #922288 -- Paul Gevers <email address hidden> Thu, 14 Feb 2019 10:19:02 +0100
cacti (1.2.1+ds1-1) unstable; urgency=medium
  * New upstream release 1.2.1
    - spikekiller is now a class (Closes: #916814)
  * Upload to unstable
  * Bump dependency on libphp-phpmailer
  * Bump Standards (no changes)
  * Declare R³: binary-targets (Thanks lintian)
 -- Paul Gevers <email address hidden>  Sun, 27 Jan 2019 21:22:59 +0100
Available diffs
- diff from 1.1.38+ds1-2 to 1.2.1+ds1-1 (6.6 MiB)
cacti (1.1.38+ds1-2) unstable; urgency=medium
  * [tests] Adapt for MariaDB 10.3 which triggers a new message in the log
    that doesn't seem to result in different output otherwise
  * [tests] Add mysql-server test back but with skip-not-installable.
    Debian has mariadb-server as default-mysql-server so we definitely
    want to test that. Ubuntu has mysql-server, so we also want to test
    that, but that isn't in testing. (Closes: #903238)
 -- Paul Gevers <email address hidden>  Thu, 27 Dec 2018 20:33:59 +0100
Deleted in experimental-release (Reason: None provided.) |
cacti (1.2.0~beta4+ds1-1) experimental; urgency=medium * New upstream release 1.2.0-beta4 * Refresh patches * Disable internal log rotation by default as Debian uses its own log rotate mechanism by default -- Paul Gevers <email address hidden> Sun, 02 Dec 2018 20:51:32 +0100
Superseded in experimental-release |
cacti (1.2.0~beta2+ds1-1) experimental; urgency=medium
  * New upstream release 1.2.0-beta1
  * CVE-2009-4112: remote authenticated administrators can gain
    privileges; circumvented via optional whitelisting (Closes: #561339)
  * Refresh patches
  * Drop most of
    enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch
  * Bump Standards to 4.2.1
  * Bump debhelper compat level
  * [tests] Add mysql-server test back but with skip-not-installable.
    Debian has mariadb-server as default-mysql-server so we definitely
    want to test that. Ubuntu has mysql-server, so we also want to test
    that, but that isn't in testing. (Closes: #903238)
  * Drop recursive chown from postins (thanks lintian)
  * Add perl-path.patch to make sh-bang in perl scripts compliant with
    policy (thanks lintian)
  * Add font-awesome-path.patch as the path to the css is slightly
    different in the system version
  * Add fix-update-for-beta-versions.patch to ensure updating works
  * Adapt documentation building as upstream reworked it completely
 -- Paul Gevers <email address hidden>  Sun, 28 Oct 2018 16:00:51 +0100
cacti (1.1.38+ds1-1) unstable; urgency=medium * New upstream release 1.1.38 * [tests] Remove mysql-server test as it isn't available in testing -- Paul Gevers <email address hidden> Wed, 18 Apr 2018 12:03:05 +0200
Available diffs
- diff from 1.1.36+ds1-1 to 1.1.38+ds1-1 (350.3 KiB)
- diff from 1.1.37+ds1-1 to 1.1.38+ds1-1 (108.3 KiB)
cacti (1.1.37+ds1-1) unstable; urgency=medium
  * New upstream release 1.1.37
  * CVE-2018-10059: (XSS) the get_current_page function in
    lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
    $_SERVER['SCRIPT_NAME'] to determine a page name
  * CVE-2018-10060: (XSS) does not properly reject unintended characters,
    related to use of the sanitize_uri function in lib/functions.php
  * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
    ENT_QUOTES flag
 -- Paul Gevers <email address hidden>  Thu, 12 Apr 2018 17:43:13 +0200
Available diffs
- diff from 1.1.36+ds1-1 to 1.1.37+ds1-1 (347.0 KiB)
cacti (1.1.36+ds1-1) unstable; urgency=medium * New upstream release 1.1.36 - Refresh patches -- Paul Gevers <email address hidden> Wed, 28 Feb 2018 16:22:50 +0100
Available diffs
- diff from 1.1.35+ds1-1 to 1.1.36+ds1-1 (276.0 KiB)
cacti (1.1.35+ds1-1) unstable; urgency=medium
  * New upstream version 1.1.35
  * [tests] Fix for nofollow directive that prevented recursive crawl
    (Closes: #889893)
  * [tests] Prevent cron job from running
  * Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
    from upstream
 -- Paul Gevers <email address hidden>  Tue, 13 Feb 2018 19:26:14 +0100
Available diffs
- diff from 1.1.28+ds1-2 to 1.1.35+ds1-1 (272.2 KiB)
- diff from 1.1.34+ds1-1 to 1.1.35+ds1-1 (129.8 KiB)
cacti (1.1.34+ds1-1) unstable; urgency=medium * New upstream version 1.1.34 - Includes updates for php7.2 (Closes: #889181) -- Paul Gevers <email address hidden> Tue, 06 Feb 2018 22:31:34 +0100
cacti (1.1.31+ds1-1) unstable; urgency=medium * New upstream version 1.1.31 * Update autopkgtest for new output since 1.1.29 -- Paul Gevers <email address hidden> Wed, 17 Jan 2018 18:50:00 +0100
Available diffs
- diff from 1.1.30+ds1-1 to 1.1.31+ds1-1 (163.0 KiB)
cacti (1.1.30+ds1-1) unstable; urgency=medium * New upstream version 1.1.30 -- Paul Gevers <email address hidden> Fri, 05 Jan 2018 20:30:47 +0100
Available diffs
- diff from 1.1.29+ds1-1 to 1.1.30+ds1-1 (106.4 KiB)
cacti (1.1.29+ds1-1) unstable; urgency=medium
  * New upstream version 1.1.29
  * Refresh documentation tar ball
  * Drop php-mysqlnd from alternative list of dependencies, it doesn't
    exist
  * Use dh-linktree embed-weakdep option to prevent strong dependencies
    (requires dh-linktree 0.5)
 -- Paul Gevers <email address hidden>  Wed, 27 Dec 2017 20:57:21 +0100
Available diffs
- diff from 1.1.28+ds1-3 to 1.1.29+ds1-1 (130.0 KiB)
cacti (1.1.28+ds1-3) unstable; urgency=medium * Rebuild against new version of libjs-jquery-colorpicker (Closes: #884756) -- Paul Gevers <email address hidden> Thu, 21 Dec 2017 21:16:13 +0100
Available diffs
- diff from 1.1.28+ds1-2 to 1.1.28+ds1-3 (513 bytes)
cacti (1.1.28+ds1-2) unstable; urgency=medium * Add remove-global-mysql-command.patch (Closes: #882356) -- Paul Gevers <email address hidden> Fri, 24 Nov 2017 11:07:11 +0100
Available diffs
- diff from 1.1.27+ds1-3 to 1.1.28+ds1-2 (171.7 KiB)
- diff from 1.1.28+ds1-1 to 1.1.28+ds1-2 (738 bytes)
Superseded in sid-release |
cacti (1.1.28+ds1-1) unstable; urgency=medium * New upstream version 1.1.28 - Drop applied patches * [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest servers are often too slow -- Paul Gevers <email address hidden> Sun, 19 Nov 2017 21:34:10 +0100
Available diffs
- diff from 1.1.27+ds1-3 to 1.1.28+ds1-1 (171.3 KiB)
cacti (1.1.27+ds1-3) unstable; urgency=medium
  * CVE-2017-16641: remote authenticated administrators can execute
    arbitrary os commands via the path_rrdtool parameter in an action=save
    request to settings.php (Closes: #881110)
  * CVE-2017-16660: remote authenticated administrators can conduct Remote
    Code Execution attacks by placing the Log Path under the web root, and
    then making a remote_agent.php request containing PHP code in a
    Client-ip header
  * CVE-2017-16661: remote authenticated administrators can read arbitrary
    files accessible by the web-server user by placing the Log Path into a
    private directory, and then making a clog.php?filename= request
  * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
    (reintroduction of CVE-2017-15194)
  * Bump standards to 4.1.1
  * Set Priority to optional
 -- Paul Gevers <email address hidden>  Tue, 14 Nov 2017 20:14:34 +0100
Available diffs
- diff from 1.1.27+ds1-2 to 1.1.27+ds1-3 (8.0 KiB)
cacti (1.1.27+ds1-2) unstable; urgency=medium * Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch because they likely reintroduced part of CVE-2017-15194. Thanks to autopkgtest -- Paul Gevers <email address hidden> Fri, 27 Oct 2017 14:41:48 +0200
Available diffs
- diff from 1.1.18+ds1-1 to 1.1.27+ds1-2 (603.1 KiB)
Superseded in sid-release |
cacti (1.1.27+ds1-1) unstable; urgency=medium * New upstream version 1.1.27 - Drop CVE-2017-15194.patch again * [tests] Add new note to list of exceptions to fix failure -- Paul Gevers <email address hidden> Mon, 23 Oct 2017 20:52:49 +0200
cacti (1.1.25+ds1-1) unstable; urgency=medium
  * New upstream version 1.1.25
  * Improve the override_dh_fixperms target as some files were
    unintentionally missed and thus make cacti reproducible again
  * CVE-2017-15194: XSS in global_session.php
    - Add CVE-2017-15194.patch (Closes: #878304)
    - Add check to autopkgtest
 -- Paul Gevers <email address hidden>  Fri, 13 Oct 2017 21:09:04 +0200
cacti (1.1.21+ds1-1) unstable; urgency=medium * New upstream version 1.1.21 * Bump standards version to 4.1.0 (no changes) -- Paul Gevers <email address hidden> Fri, 08 Sep 2017 14:48:59 +0200
cacti (1.1.18+ds1-1) unstable; urgency=medium
  * New upstream version 1.1.18
    - Drop patches from upstream and refresh the others
  * Bump standards version to 4.0.1 (no changes)
  * Stop installing csrf/LICENSE file (thanks lintian)
 -- Paul Gevers <email address hidden>  Sat, 19 Aug 2017 18:46:41 +0200
Available diffs
- diff from 1.1.17+ds1-2 to 1.1.18+ds1-1 (201.8 KiB)
Superseded in sid-release |
cacti (1.1.17+ds1-2) unstable; urgency=medium
  * CVE-2017-12927 XSS vulnerability in spikekill.php (Closes: #872478)
  * [tests] fix grep expression to unblock Ubuntu
  * [tests] Add improve-boost-logging-on-fresh-installs.patch and don't
    filter on the fixed messages
  * Fix typo in previous changelog message
 -- Paul Gevers <email address hidden>  Fri, 18 Aug 2017 21:15:23 +0200
Available diffs
- diff from 1.1.16+ds1-1 to 1.1.17+ds1-2 (83.4 KiB)
- diff from 1.1.17+ds1-1 to 1.1.17+ds1-2 (2.0 KiB)
Superseded in sid-release |
cacti (1.1.17+ds1-1) unstable; urgency=medium
  * New upstream version 1.1.17
  * Make the autopkgtest stricter now upstream reduced the noise
 -- Paul Gevers <email address hidden>  Wed, 16 Aug 2017 14:04:31 +0200
Available diffs
- diff from 1.1.16+ds1-1 to 1.1.17+ds1-1 (82.4 KiB)
cacti (1.1.16+ds1-1) unstable; urgency=medium
  * New upstream release
    - Fixes CVE-2017-12065 spikekill.php might allow remote attackers to
      execute arbitrary code via the avgnan, outlier-start, or outlier-end
      parameter (Closes: #870353)
    - Fixes CVE-2017-12066 Cross-site scripting (XSS) vulnerability in
      aggregate_graphs.php (Closes: #870354)
 -- Paul Gevers <email address hidden>  Thu, 03 Aug 2017 09:38:54 -0400
Available diffs
- diff from 1.1.15+ds1-1 to 1.1.16+ds1-1 (47.2 KiB)
cacti (1.1.15+ds1-1) unstable; urgency=medium
  * New upstream release
    - Fixes CVE-2017-11691 Cross-site scripting (XSS) vulnerability in
      auth_profile.php (Closes: #869848)
  * Lower the Depends on dbc to include ~ to ease backports
 -- Paul Gevers <email address hidden>  Thu, 27 Jul 2017 10:40:05 -0400
Available diffs
- diff from 1.1.13+ds1-1 to 1.1.15+ds1-1 (87.5 KiB)
cacti (1.1.13+ds1-1) unstable; urgency=medium * New upstream release * Update documentation from upstream -- Paul Gevers <email address hidden> Fri, 14 Jul 2017 20:37:39 +0200
Available diffs
- diff from 1.1.12+ds1-1 to 1.1.13+ds1-1 (50.5 KiB)
cacti (1.1.12+ds1-1) unstable; urgency=medium
  * New upstream release
  * CVE-2017-10970 XSS vulnerability via link.php fixed (Closes: #867532)
  * Add version to jquery-tablesorter
  * Make sure that autopkgtests at least run again
 -- Paul Gevers <email address hidden>  Fri, 07 Jul 2017 21:07:43 +0200
Available diffs
- diff from 0.8.8h+ds1-10 to 1.1.12+ds1-1 (2.6 MiB)
- diff from 1.1.10+ds1-6 to 1.1.12+ds1-1 (136.9 KiB)
Superseded in sid-release |
cacti (1.1.10+ds1-6) unstable; urgency=medium
  * Fix upgrade script to find the upgrade functions in the Debian file
    layout (Closes: #866773) Thanks to ISHIKAWA Mutsumi
  * Add upgrade code for grant on mysql.time_zone_name
  * Bump version of dbconfig-common to ensure we have the fix for postinst
    code working
 -- Paul Gevers <email address hidden>  Tue, 04 Jul 2017 07:16:45 +0200
Available diffs
- diff from 1.1.10+ds1-5 to 1.1.10+ds1-6 (1.1 KiB)
Superseded in sid-release |
cacti (1.1.10+ds1-5) unstable; urgency=medium * Fix piuparts issue where the scripts are changed due to loading the template files in the postinst script. See upstream bug #810. (Closes: #866140) -- Paul Gevers <email address hidden> Tue, 27 Jun 2017 21:41:26 +0200
Available diffs
- diff from 1.1.10+ds1-4 to 1.1.10+ds1-5 (973 bytes)
Superseded in sid-release |
cacti (1.1.10+ds1-4) unstable; urgency=medium * Upload to unstable * Bump standards version to 4.0.0 (no changes) -- Paul Gevers <email address hidden> Tue, 20 Jun 2017 21:45:13 +0200
Available diffs
- diff from 0.8.8h+ds1-10 to 1.1.10+ds1-4 (2.6 MiB)
Deleted in experimental-release (Reason: None provided.) |
cacti (1.1.10+ds1-3) experimental; urgency=medium * Add texlive-formats-extra to the BD to get /usr/bin/pdfjadetex on the path ($HOME didn't solve it) -- Paul Gevers <email address hidden> Fri, 16 Jun 2017 17:35:31 +0200
Superseded in experimental-release |
cacti (1.1.10+ds1-2) experimental; urgency=medium * Define $HOME in d/rules to (hopefully) prevent FTBFS (which is unfortunately unreproducible in any of the setups I tested) -- Paul Gevers <email address hidden> Thu, 15 Jun 2017 20:04:06 +0200