Change log for cacti package in Debian

1 to 75 of 144 results
Published in bullseye-release
cacti (1.2.16+ds1-2+deb11u2) bullseye-security; urgency=high

  * Backport security patches from 1.2.25: CVE-2023-39357, CVE-2023-39359,
    CVE-2023-39361, CVE-2023-39362, CVE-2023-39364, CVE-2023-39365,
    CVE-2023-39513, CVE-2023-39515, CVE-2023-39516

 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2023 22:31:19 +0200
Published in sid-release
cacti (1.2.26+ds1-1) unstable; urgency=medium

  * postinst/postrm: ensure DEBHELPER content is always run
  * New upstream version 1.2.26+ds1
    Fixes the following vulnerabilities: CVE-2023-49084, CVE-2023-49085,
    CVE-2023-49086, CVE-2023-49088, CVE-2023-46490, CVE-2023-51448 and
    CVE-2023-50250 (Closes: #1059254, #1059286)
  * font-awesome-path.patch: refresh
  * Depends on node-dompurify and link purify.js instead of using upstream
    vendored version

 -- Paul Gevers <email address hidden>  Sun, 24 Dec 2023 21:46:33 +0100

Published in bookworm-release
cacti (1.2.24+ds1-1+deb12u1) bookworm-security; urgency=high

  * Backport security patches from 1.2.25: CVE-2023-39357, CVE-2023-39358,
    CVE-2023-39359, CVE-2023-39360, CVE-2023-39361, CVE-2023-39362,
    CVE-2023-39364, CVE-2023-39365, CVE-2023-39366, CVE-2023-39510,
    CVE-2023-39511, CVE-2023-39512, CVE-2023-39513, CVE-2023-39514,
    CVE-2023-39515, CVE-2023-39516

 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2023 22:23:02 +0200
Superseded in sid-release
cacti (1.2.25+ds1-2) unstable; urgency=medium

  * change upstream CHANGELOG logic to accommodate Ubuntu FTBFS
  * Update Vcs to point at Debian namespace to invite others

 -- Paul Gevers <email address hidden>  Thu, 21 Sep 2023 12:56:55 +0200
Superseded in sid-release
cacti (1.2.25+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.25+ds1
    Fixes the following vulnerabilities: CVE-2023-39516,
    CVE-2023-39515, CVE-2023-39514, CVE-2023-39513, CVE-2023-39512,
    CVE-2023-39510, CVE-2023-39366, CVE-2023-39365, CVE-2023-39364,
    CVE-2023-39362, CVE-2023-39361, CVE-2023-39360, CVE-2023-39359,
    CVE-2023-39358, CVE-2023-39357 and CVE-2023-30534
  * Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 06 Sep 2023 20:58:14 +0200
Superseded in bookworm-release
Superseded in sid-release
cacti (1.2.24+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.24+ds1
  * Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 01 Mar 2023 22:06:58 +0100

Superseded in sid-release
cacti (1.2.23+ds1-2) unstable; urgency=medium

  * d/rules: fix for new 'file' behavior (Closes: #1028764)
  * Adapt for changes in php-phpmyadmin-motranslator (Closes: #1028141)
  * d/rules: don't compress CHANGELOG symlink
  * tests: several improvements + re-add my own old check-all-pages

 -- Paul Gevers <email address hidden>  Thu, 19 Jan 2023 10:30:29 +0100

Superseded in sid-release
cacti (1.2.23+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.23+ds1
  * Refresh patches + drop patches from upstream
  * Install all templates during first install instead of only the ones
    from 2017
  * Fix upstream issue #5127: importing templates fails
  * Adapt check_all_pages testing to upstream changes by simplifying
    Debian changes
  * Fix ui-state-default color in classical theme (Closes: #972947)
  * Drop apache2.2 support (only in oldoldoldstable by now)
  * Drop debian/NEWS as it's old
  * Update and add several lintian overrides
  * Don't load external images in documentation to prevent privacy breach:
    remove-external-images.patch

 -- Paul Gevers <email address hidden>  Thu, 05 Jan 2023 10:25:44 +0100

Superseded in bullseye-release
cacti (1.2.16+ds1-2+deb11u1) bullseye-security; urgency=medium

  * Add 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch to fix CVE-2022-46169
    (Closes: #1025648)
  * Add two patches to fix CVE-2022-0730 (Closes: #1008693)
  * Update configuration template for CVE-2022-46169

 -- Paul Gevers <email address hidden>  Thu, 08 Dec 2022 09:50:14 +0100
Superseded in sid-release
cacti (1.2.22+ds1-3) unstable; urgency=medium

  [ Athos Ribeiro ]
  * Update installing guides for NO_AUTO_CREATE_USER

  [ Paul Gevers ]
  * Add 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch to fix
    CVE-2022-46169 (Closes: #1025648)
  * Update debian.php.dist for the fix above to incorporate the
    configuration changes in the package defaults

 -- Paul Gevers <email address hidden>  Tue, 06 Dec 2022 22:16:33 +0100
Superseded in sid-release
cacti (1.2.22+ds1-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable)
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse.
  * Update standards version to 4.6.1, no changes needed.
  * Remove empty maintainer scripts: cacti (preinst)

  [ Paul Gevers ]
  * Add 31bfd4b5c1d33af02911441111a430597b9f1021.patch to fix php8.2
    deprecation warnings (Closes: #1022229)

 -- Paul Gevers <email address hidden>  Wed, 02 Nov 2022 21:24:38 +0100
Superseded in sid-release
cacti (1.2.22+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.22+ds1
  * Update 07_cli-include-path.patch

 -- Paul Gevers <email address hidden>  Tue, 06 Sep 2022 21:53:38 +0200
Superseded in sid-release
cacti (1.2.21+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.21+ds1
  * Refresh and update old patch stack
  * Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
  * README.Debian: reorder paragraphs (Closes: #979176)

 -- Paul Gevers <email address hidden>  Thu, 14 Jul 2022 17:05:21 +0200
Superseded in sid-release
cacti (1.2.20+ds1-2) unstable; urgency=medium

  * Revert "Replace dependency on libjs-d3 by node-d3" (Opens: #913385)
    node-d3 isn't ready to replace libjs-d3 as it's not available on armel
    (bugs filed)

 -- Paul Gevers <email address hidden>  Fri, 22 Apr 2022 20:45:58 +0200
Superseded in sid-release
cacti (1.2.20+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.20+ds1
    CVE-2022-0730: Under certain ldap conditions, Cacti authentication can
    be bypassed with certain credential types. (Closes: #1008693)
  * d/copyright: update
  * strip away and replace some of the new midwinter theme like we do for
    other themes
  * Refresh patches and drop those that are part of 1.2.20
  * cacti.links: drop dejavu links as cacti now finds system fonts by
    itself
  * Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
  * Replace broken package (Upstream bug: #4685)
  * Fix multiple issues with new cli scripts (detected by test suite
    failure)

 -- Paul Gevers <email address hidden>  Thu, 14 Apr 2022 10:16:39 +0200
Superseded in sid-release
cacti (1.2.19+ds1-2) unstable; urgency=medium

  * Support cacti on PHP8.1 by incorporating upstream patches
  * Support the use of a csrf secret key out of the box

 -- Paul Gevers <email address hidden>  Sun, 19 Dec 2021 22:03:28 +0100
Superseded in sid-release
cacti (1.2.19+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.19+ds1
    - billboard.js replaces c3.*
    - Drop obsolete patches
    - Update 07_cli-include-path.patch to cover new cli
  * watch: update to scan github as the downloads page doesn't work
    anymore
  * Building documentation in .github fails, don't do that as it's not
    needed anyways
  * [tests] use upstream's version of check_all_pages, but adapted
  * [tests] run upstream check_cli_version.sh test

 -- Paul Gevers <email address hidden>  Mon, 22 Nov 2021 20:30:48 +0100
Published in buster-release
cacti (1.2.2+ds1-2+deb10u4) buster; urgency=medium

  * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
    - CVE-2020-35701: SQL injection via data_debug.php
  * Add 0001-Fixing-Issue-4019.patch
    There are a few places in the current code where an attacker, once
    having gained access to the Cacti database through a SQL injection,
    could modify data in tables to possibly expose a stored XSS bug in
    Cacti.

 -- Paul Gevers <email address hidden>  Thu, 21 Jan 2021 20:16:38 +0100
Superseded in bullseye-release
Superseded in sid-release
cacti (1.2.16+ds1-2) unstable; urgency=medium

  * Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
    - CVE-2020-35701: SQL injection via data_debug.php
  * Add 0001-Fixing-Issue-4019.patch
    There are a few places in the current code where an attacker, once
    having gained access to the Cacti database through a SQL injection,
    could modify data in tables to possibly expose a stored XSS bug in
    Cacti.

 -- Paul Gevers <email address hidden>  Sun, 17 Jan 2021 21:26:01 +0100
Superseded in sid-release
cacti (1.2.16+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.16

 -- Paul Gevers <email address hidden>  Fri, 11 Dec 2020 21:54:47 +0100
Superseded in sid-release
cacti (1.2.15+ds1-2) unstable; urgency=medium

  * Add upstream patch to fix autopkgtest failure:
    643766b909d0824b08c2ab6c7a82ac0055a5d730.patch

 -- Paul Gevers <email address hidden>  Fri, 06 Nov 2020 20:32:36 +0100
Superseded in sid-release
cacti (1.2.15+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.15
  * Update font-awesome-path.patch

 -- Paul Gevers <email address hidden>  Tue, 03 Nov 2020 21:57:12 +0100
Superseded in sid-release
cacti (1.2.14+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.14

 -- Paul Gevers <email address hidden>  Thu, 27 Aug 2020 10:55:38 +0200
Superseded in buster-release
cacti (1.2.2+ds1-2+deb10u3) buster; urgency=medium

  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
    arguments (Upstream bug #3245)
  * CVE-2020-7237: Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. OS commands are executed when a new poller
    cycle begins. The attacker must be authenticated, and must have access
    to modify the Performance Settings of the product. (Closes: #949997)
  * CVE-2020-7106: XSS in data_sources.php, color_templates_item.php,
    graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,
    and user_group_admin.php, as demonstrated by the description parameter
    in data_sources.php (a raw string from the database that is displayed
    by $header to trigger the XSS). (Closes: #949996)
  * CVE-2020-13230: Disabling a user account does not immediately
    invalidate any permissions granted to that account (e.g., permission
    to view logs)
  * CVE-2020-13231: auth_profile.php?action=edit allows CSRF for an admin
    email change

 -- Paul Gevers <email address hidden>  Thu, 18 Jun 2020 22:34:41 +0200
Superseded in sid-release
cacti (1.2.13+ds1-2) unstable; urgency=medium

  * Enable upstream CHANGELOG to be viewed

 -- Paul Gevers <email address hidden>  Fri, 31 Jul 2020 21:31:50 +0200
Superseded in sid-release
cacti (1.2.13+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.13
    - refresh 07_cli-include-path.patch

 -- Paul Gevers <email address hidden>  Mon, 27 Jul 2020 21:39:25 +0200
Superseded in sid-release
cacti (1.2.12+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.12
  * Bump libphp-phpmailer dependency
  * Update debian.php.dist to match updated include/config.php

 -- Paul Gevers <email address hidden>  Thu, 07 May 2020 22:09:43 +0200
Superseded in sid-release
cacti (1.2.11+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.11
    - Refresh patch
  * Update debian.php.dist to match updated include/config.php

 -- Paul Gevers <email address hidden>  Tue, 07 Apr 2020 22:22:16 +0200
Superseded in sid-release
cacti (1.2.10+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.10
    CVE-2020-8813 graph_realtime.php allows remote attackers to execute
    arbitrary OS commands via shell metacharacters in a cookie, if a guest
    user has the graph real-time privilege (Closes: 951832)

 -- Paul Gevers <email address hidden>  Sun, 08 Mar 2020 21:26:46 +0100
Superseded in sid-release
cacti (1.2.9+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php,
    color_templates_item.php, graphs.php, graph_items.php,
    lib/api_automation.php, user_admin.php, and user_group_admin.php, as
    demonstrated by the description parameter in data_sources.php (Closes:
    #949997)

 -- Paul Gevers <email address hidden>  Thu, 13 Feb 2020 20:38:01 +0100
Published in stretch-release
cacti (0.8.8h+ds1-10+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2019-17358: insufficient validation of form input leading to unsafe
    unserialization operations and memory corruption (Closes: #947375).

 -- Hugo Lefeuvre <email address hidden>  Sun, 29 Dec 2019 20:37:02 +0100
Superseded in buster-release
cacti (1.2.2+ds1-2+deb10u2) buster-security; urgency=medium

  * Non-maintainer upload by the Security Team.
  * Acknowledgements to Paul Gevers!
  * CVE-2019-17358: insufficient validation of form input leading to unsafe
    unserialization operations and memory corruption (Closes: #947375).
  * CVE-2019-17357: SQL injection vulnerability in graphs.php (Closes: #947374).
  * CVE-2019-16723: Authentication bypass allows unprivileged users to view all
    graphs (Closes: #941036).

 -- Hugo Lefeuvre <email address hidden>  Sun, 29 Dec 2019 19:53:28 +0100
Superseded in sid-release
cacti (1.2.8+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializing data, ensure basic sanitization
    has been performed (Closes: #947375)

 -- Paul Gevers <email address hidden>  Sat, 28 Dec 2019 17:44:58 +0100
Superseded in sid-release
cacti (1.2.7+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.7+ds1
    CVE-2019-16723 Security issue allows to view all graphs (Closes:
    #941036)
  * Refresh and drop patches to match upstream

 -- Paul Gevers <email address hidden>  Sun, 06 Oct 2019 22:10:41 +0200
Superseded in sid-release
cacti (1.2.6+ds1-3) unstable; urgency=medium

  * Add 0001-Resolving-Issue-2984.patch to fix CI error

 -- Paul Gevers <email address hidden>  Sat, 28 Sep 2019 10:49:29 +0200
Superseded in sid-release
cacti (1.2.6+ds1-2) unstable; urgency=medium

  [ Paul Gevers ]
  * Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
    upstream
  * Apache skipped the php section in apache.conf since PHP 7 (Closes:
    #934898)
  * Translations were broken since 1.2.4+ds1-1. Import upstream solution
    enabling the use of php-phpmyadmin-motranslator.

  [ Rafael David Tinoco ]
  * Prepare sql commands for MySQL 8 (See: #933683)

 -- Paul Gevers <email address hidden>  Tue, 17 Sep 2019 20:31:04 +0200
Superseded in sid-release
cacti (1.2.6+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.6
    - Refresh 07_cli-include-path.patch
  * Remove obsolete link to phpgettext

 -- Paul Gevers <email address hidden>  Thu, 05 Sep 2019 17:47:08 +0200
Superseded in buster-release
cacti (1.2.2+ds1-2+deb10u1) buster; urgency=medium

  * Depends i.s.o. Recommends on php-gmp as this is now a requirement of
    the upstream code (Closes: #930252)
  * Fix reading of snmp gauges (0001-Resolving-issue-2474.patch) (Closes:
    #930254)
  * Fix upgrade from stretch (0001-Resolving-issue-2482.patch); the
    upgrade code attempted to drop a non-existing primary key (Closes:
    #931702)

 -- Paul Gevers <email address hidden>  Tue, 16 Jul 2019 21:40:32 +0200
Superseded in sid-release
cacti (1.2.4+ds1-2) unstable; urgency=medium

  * tests: add new IMPORT messages to ignore filter

 -- Paul Gevers <email address hidden>  Mon, 15 Jul 2019 19:33:58 +0200
Superseded in sid-release
cacti (1.2.4+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.4
    - Fixed upgrade script (Closes: #931702)
    - Fixed snmp gauges (Closes: #930254)
  * Depends i.s.o. Recommends on php-gmp (Closes: #930252)
  * Drop dependency on php-php-gettext as it is optional for cacti and it's
    going to be removed due to CVE-2016-6175
  * Refresh patches
  * Update d/debian.php.dist with changes in include/config.php

 -- Paul Gevers <email address hidden>  Sun, 14 Jul 2019 21:33:08 +0200
Superseded in buster-release
Superseded in sid-release
cacti (1.2.2+ds1-2) unstable; urgency=medium

  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
    CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
    before printing out the value of the SNMP community string (SNMP
    Options) in the View poller cache, leading to XSS.

 -- Paul Gevers <email address hidden>  Tue, 09 Apr 2019 20:42:38 +0200

Superseded in buster-release
Superseded in sid-release
cacti (1.2.2+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.2
  * tests: add one more exception for Ubuntu (Closes: #922437)
  * Depend on fonts-fork-awesome instead of fonts-font-awesome (Closes:
    #922779)
  * Fix typo in debian.php.dist (Closes: #922651)

 -- Paul Gevers <email address hidden>  Tue, 26 Feb 2019 21:48:07 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.2.1+ds1-2) unstable; urgency=medium

  * tests: add some items back that are seen on Ubuntu's setup
  * Migrate from libjs-chartjs to libjs-chart.js due to bug #922288

 -- Paul Gevers <email address hidden>  Thu, 14 Feb 2019 10:19:02 +0100
Superseded in buster-release
Superseded in sid-release
cacti (1.2.1+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.1
    - spikekiller is now a class (Closes: #916814)
  * Upload to unstable
  * Bump dependency on libphp-phpmailer
  * Bump Standards (no changes)
  * Declare R³: binary-targets (Thanks lintian)

 -- Paul Gevers <email address hidden>  Sun, 27 Jan 2019 21:22:59 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.38+ds1-2) unstable; urgency=medium

  * [tests] Adapt for MariaDB 10.3 which triggers a new message in the
    log that doesn't seem to result in different output otherwise
  * [tests] Add mysql-server test back but with
    skip-not-installable. Debian has mariadb-server as
    default-mysql-server so we definitely want to test that. Ubuntu has
    mysql-server, so we also want to test that, but that isn't in
    testing. (Closes: #903238)

 -- Paul Gevers <email address hidden>  Thu, 27 Dec 2018 20:33:59 +0100
Deleted in experimental-release (Reason: None provided.)
cacti (1.2.0~beta4+ds1-1) experimental; urgency=medium

  * New upstream release 1.2.0-beta4
  * Refresh patches
  * Disable internal log rotation by default as Debian uses its own log
    rotate mechanism by default

 -- Paul Gevers <email address hidden>  Sun, 02 Dec 2018 20:51:32 +0100
Superseded in experimental-release
cacti (1.2.0~beta2+ds1-1) experimental; urgency=medium

  * New upstream release 1.2.0-beta1
  * CVE-2009-4112: remote authenticated administrators can gain
    privileges; circumvented via optional whitelisting (Closes: #561339)
  * Refresh patches
  * Drop most of
    enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch
  * Bump Standards to 4.2.1
  * Bump debhelper compat level
  * [tests] Add mysql-server test back but with
    skip-not-installable. Debian has mariadb-server as
    default-mysql-server so we definitely want to test that. Ubuntu has
    mysql-server, so we also want to test that, but that isn't in
    testing. (Closes: #903238)
  * Drop recursive chown from postinst (thanks lintian)
  * Add perl-path.patch to make sh-bang in perl scripts compliant with
    policy (thanks lintian)
  * Add font-awesome-path.patch as the path to the css is slightly
    different in the system version
  * Add fix-update-for-beta-versions.patch to ensure updating works
  * Adapt documentation building as upstream reworked it completely

 -- Paul Gevers <email address hidden>  Sun, 28 Oct 2018 16:00:51 +0100
Superseded in buster-release
Superseded in sid-release
cacti (1.1.38+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.38
  * [tests] Remove mysql-server test as it isn't available in testing

 -- Paul Gevers <email address hidden>  Wed, 18 Apr 2018 12:03:05 +0200
Superseded in buster-release
Superseded in sid-release
cacti (1.1.37+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.37
  * CVE-2018-10059: (XSS) the get_current_page function in
    lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
    $_SERVER['SCRIPT_NAME'] to determine a page name
  * CVE-2018-10060: (XSS) does not properly reject unintended characters,
    related to use of the sanitize_uri function in lib/functions.php
  * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
    ENT_QUOTES flag

 -- Paul Gevers <email address hidden>  Thu, 12 Apr 2018 17:43:13 +0200

Superseded in buster-release
Superseded in sid-release
cacti (1.1.36+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.36
    - Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 28 Feb 2018 16:22:50 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.35+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.35
  * [tests] Fix for nofollow directive that prevented recursive crawl
    (Closes: #889893)
  * [tests] Prevent cron job from running
  * Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
    from upstream

 -- Paul Gevers <email address hidden>  Tue, 13 Feb 2018 19:26:14 +0100
Superseded in buster-release
Superseded in sid-release
cacti (1.1.34+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.34
    - Includes updates for php7.2 (Closes: #889181)

 -- Paul Gevers <email address hidden>  Tue, 06 Feb 2018 22:31:34 +0100
Superseded in buster-release
Superseded in sid-release
cacti (1.1.31+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.31
  * Update autopkgtest for new output since 1.1.29

 -- Paul Gevers <email address hidden>  Wed, 17 Jan 2018 18:50:00 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.30+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.30

 -- Paul Gevers <email address hidden>  Fri, 05 Jan 2018 20:30:47 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.29+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.29
  * Refresh documentation tar ball
  * Drop php-mysqlnd from alternative list of dependencies, it doesn't
    exist
  * Use dh-linktree embed-weakdep option to prevent strong dependencies
    (requires dh-linktree 0.5)

 -- Paul Gevers <email address hidden>  Wed, 27 Dec 2017 20:57:21 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.28+ds1-3) unstable; urgency=medium

  * Rebuild against new version of libjs-jquery-colorpicker (Closes:
    #884756)

 -- Paul Gevers <email address hidden>  Thu, 21 Dec 2017 21:16:13 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.28+ds1-2) unstable; urgency=medium

  * Add remove-global-mysql-command.patch (Closes: #882356)

 -- Paul Gevers <email address hidden>  Fri, 24 Nov 2017 11:07:11 +0100
Superseded in sid-release
cacti (1.1.28+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.28
    - Drop applied patches
  * [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest
    servers are often too slow

 -- Paul Gevers <email address hidden>  Sun, 19 Nov 2017 21:34:10 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.27+ds1-3) unstable; urgency=medium

  * CVE-2017-16641: remote authenticated administrators can execute
    arbitrary os commands via the path_rrdtool parameter in an action=save
    request to settings.php (Closes: #881110)
  * CVE-2017-16660: remote authenticated administrators can conduct Remote
    Code Execution attacks by placing the Log Path under the web root, and
    then making a remote_agent.php request containing PHP code in a
    Client-ip header
  * CVE-2017-16661: remote authenticated administrators can read arbitrary
    files accessible by the web-server user by placing the Log Path into a
    private directory, and then making a clog.php?filename= request
  * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
    (reintroduction of CVE-2017-15194)
  * Bump standards to 4.1.1
  * Set Priority to optional

 -- Paul Gevers <email address hidden>  Tue, 14 Nov 2017 20:14:34 +0100

Superseded in buster-release
Superseded in sid-release
cacti (1.1.27+ds1-2) unstable; urgency=medium

  * Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
    because they likely reintroduced part of CVE-2017-15194. Thanks to
    autopkgtest

 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2017 14:41:48 +0200

Superseded in sid-release
cacti (1.1.27+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.27
    - Drop CVE-2017-15194.patch again
  * [tests] Add new note to list of exceptions to fix failure

 -- Paul Gevers <email address hidden>  Mon, 23 Oct 2017 20:52:49 +0200
Superseded in buster-release
Superseded in sid-release
cacti (1.1.25+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.25
  * Improve the override_dh_fixperms target as some files were
    unintentionally missed and thus make cacti reproducible again
  * CVE-2017-15194: XSS in global_session.php
    - Add CVE-2017-15194.patch (Closes: #878304)
    - Add check to autopkgtest

 -- Paul Gevers <email address hidden>  Fri, 13 Oct 2017 21:09:04 +0200
Superseded in buster-release
Superseded in sid-release
cacti (1.1.21+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.21
  * Bump standards version to 4.1.0 (no changes)

 -- Paul Gevers <email address hidden>  Fri, 08 Sep 2017 14:48:59 +0200
Superseded in buster-release
Superseded in sid-release
cacti (1.1.18+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.18
    - Drop patches from upstream and refresh the others
  * Bump standards version to 4.0.1 (no changes)
  * Stop installing csrf/LICENSE file (thanks lintian)

 -- Paul Gevers <email address hidden>  Sat, 19 Aug 2017 18:46:41 +0200

Superseded in sid-release
cacti (1.1.17+ds1-2) unstable; urgency=medium

  * CVE-2017-12927 XSS vulnerability in spikekill.php (Closes: #872478)
  * [tests] fix grep expression to unblock Ubuntu
  * [tests] Add improve-boost-logging-on-fresh-installs.patch and don't
    filter on the fixed messages
  * Fix typo in previous changelog message

 -- Paul Gevers <email address hidden>  Fri, 18 Aug 2017 21:15:23 +0200
Superseded in sid-release
cacti (1.1.17+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.17
  * Make the autopkgtest stricter now upstream reduced the noise

 -- Paul Gevers <email address hidden>  Wed, 16 Aug 2017 14:04:31 +0200

Superseded in buster-release
Superseded in sid-release
cacti (1.1.16+ds1-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2017-12065 spikekill.php might allow remote attackers to
      execute arbitrary code via the avgnan, outlier-start, or outlier-end
      parameter (Closes: #870353)
    - Fixes CVE-2017-12066 Cross-site scripting (XSS) vulnerability in
      aggregate_graphs.php (Closes: #870354)

 -- Paul Gevers <email address hidden>  Thu, 03 Aug 2017 09:38:54 -0400

Superseded in buster-release
Superseded in sid-release
cacti (1.1.15+ds1-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2017-11691 Cross-site scripting (XSS) vulnerability in
      auth_profile.php (Closes: #869848)
  * Lower the Depends on dbc to include ~ to ease backports

 -- Paul Gevers <email address hidden>  Thu, 27 Jul 2017 10:40:05 -0400

Superseded in buster-release
Superseded in sid-release
cacti (1.1.13+ds1-1) unstable; urgency=medium

  * New upstream release
  * Update documentation from upstream

 -- Paul Gevers <email address hidden>  Fri, 14 Jul 2017 20:37:39 +0200

Superseded in buster-release
Superseded in sid-release
cacti (1.1.12+ds1-1) unstable; urgency=medium

  * New upstream release
  * CVE-2017-10970 XSS vulnerability via link.php fixed (Closes: #867532)
  * Add version to jquery-tablesorter
  * Make sure that autopkgtests at least run again

 -- Paul Gevers <email address hidden>  Fri, 07 Jul 2017 21:07:43 +0200
Superseded in sid-release
cacti (1.1.10+ds1-6) unstable; urgency=medium

  * Fix upgrade script to find the upgrade functions in the Debian file
    layout (Closes: #866773) Thanks to ISHIKAWA Mutsumi
  * Add upgrade code for grant on mysql.time_zone_name
  * Bump version of dbconfig-common to ensure we have the fix for postinst
    code working

 -- Paul Gevers <email address hidden>  Tue, 04 Jul 2017 07:16:45 +0200

Superseded in sid-release
cacti (1.1.10+ds1-5) unstable; urgency=medium

  * Fix piuparts issue where the scripts are changed due to loading the
    template files in the postinst script. See upstream bug #810. (Closes:
    #866140)

 -- Paul Gevers <email address hidden>  Tue, 27 Jun 2017 21:41:26 +0200

Superseded in sid-release
cacti (1.1.10+ds1-4) unstable; urgency=medium

  * Upload to unstable
  * Bump standards version to 4.0.0 (no changes)

 -- Paul Gevers <email address hidden>  Tue, 20 Jun 2017 21:45:13 +0200

Deleted in experimental-release (Reason: None provided.)
cacti (1.1.10+ds1-3) experimental; urgency=medium

  * Add texlive-formats-extra to the BD to get /usr/bin/pdfjadetex on the
    path ($HOME didn't solve it)

 -- Paul Gevers <email address hidden>  Fri, 16 Jun 2017 17:35:31 +0200
Superseded in experimental-release
cacti (1.1.10+ds1-2) experimental; urgency=medium

  * Define $HOME in d/rules to (hopefully) prevent FTBFS (which is
    unfortunately unreproducible in any of the setups I tested)

 -- Paul Gevers <email address hidden>  Thu, 15 Jun 2017 20:04:06 +0200