-
cacti (1.2.26+ds1-1) unstable; urgency=medium
* postinst/postrm: ensure DEBHELPER content is always run
* New upstream version 1.2.26+ds1
Fixes the following vulnerabilities: CVE-2023-49084, CVE-2023-49085,
CVE-2023-49086, CVE-2023-49088 CVE-2023-46490, CVE-2023-51448 and
CVE-2023-50250 (Closes: #1059254, #1059286)
* font-awesom-path.patch: refresh
* Depends on node-dompurify and link purify.js instead of using upstream
vendored version
-- Paul Gevers <email address hidden> Sun, 24 Dec 2023 21:46:33 +0100
-
cacti (1.2.25+ds1-2) unstable; urgency=medium
* change upstream CHANGELOG logic to accommodate Ubuntu FTBFS
* Update Vcs to point at Debian namespace to invite others
-- Paul Gevers <email address hidden> Thu, 21 Sep 2023 12:56:55 +0200
-
cacti (1.2.25+ds1-1) unstable; urgency=medium
* New upstream version 1.2.25+ds1
Fixes the following vulnerabilities: CVE-2023-39516,
CVE-2023-39515, CVE-2023-39514, CVE-2023-39513, CVE-2023-39512,
CVE-2023-39510, CVE-2023-39366, CVE-2023-39365, CVE-2023-39364,
CVE-2023-39362, CVE-2023-39361, CVE-2023-39360, CVE-2023-39359,
CVE-2023-39358, CVE-2023-39357 and CVE-2023-30534
* Refresh patches
-- Paul Gevers <email address hidden> Wed, 06 Sep 2023 20:58:14 +0200
-
cacti (1.2.24+ds1-1) unstable; urgency=medium
* New upstream version 1.2.24+ds1
* Refresh patches
-- Paul Gevers <email address hidden> Wed, 01 Mar 2023 22:06:58 +0100
-
cacti (1.2.23+ds1-2) unstable; urgency=medium
* d/rules: fix for new 'file' behavior (Closes: #1028764)
* Adapt for changes in php-phpmyadmin-motranslator (Closes: #1028141)
* d/rules: don't compress CHANGELOG symlink
* tests: several improvement + re-add my own old check-all-pages
-- Paul Gevers <email address hidden> Thu, 19 Jan 2023 10:30:29 +0100
-
cacti (1.2.23+ds1-1) unstable; urgency=medium
* New upstream version 1.2.23+ds1
* Refresh patches + drop patches from upstream
* Install all templates during first install instead of only the ones
from 2017
* Fix upstream issue #5127: importing templates fails
* Adapt check_all_pages testing to upstream changes by simplifying
Debian changes
* Fix ui-state-default color in classical theme (Closes: #972947)
* Drop apache2.2 support (only in oldoldoldstable by now)
* Drop debian/NEWS as it's old
* Update and add several lintian overrides
* Don't load external images in documentation to prevent privacy breach:
remove-external-images.patch
-- Paul Gevers <email address hidden> Thu, 05 Jan 2023 10:25:44 +0100
-
cacti (1.2.22+ds1-3) unstable; urgency=medium
[ Athos Ribeiro ]
* Update installing guides for NO_AUTO_CREATE_USER
[ Paul Gevers ]
* Add 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch to fix
CVE-2022-46169 (Closes: #1025648)
* Update debian.php.dist for the fix above to incorporate the
configuration changes in the package defaults
-- Paul Gevers <email address hidden> Tue, 06 Dec 2022 22:16:33 +0100
-
cacti (1.2.22+ds1-2) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since buster (oldstable)
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse.
* Update standards version to 4.6.1, no changes needed.
* Remove empty maintainer scripts: cacti (preinst)
[ Paul Gevers ]
* Add 31bfd4b5c1d33af02911441111a430597b9f1021.patch to fix php8.2
deprecation warnings (Closes: #1022229)
-- Paul Gevers <email address hidden> Wed, 02 Nov 2022 21:24:38 +0100
-
cacti (1.2.22+ds1-1) unstable; urgency=medium
* New upstream version 1.2.22+ds1
* Update 07_cli-include-path.patch
-- Paul Gevers <email address hidden> Tue, 06 Sep 2022 21:53:38 +0200
-
cacti (1.2.21+ds1-1) unstable; urgency=medium
* New upstream version 1.2.21+ds1
* Refresh and update old patch stack
* Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
* README.Debian: reorder paragraphs (Closes: #979176)
-- Paul Gevers <email address hidden> Thu, 14 Jul 2022 17:05:21 +0200
-
cacti (1.2.20+ds1-2) unstable; urgency=medium
* Revert "Replace dependency on libjs-d3 by node-d3" (Opens: #913385)
node-d3 isn't ready to replace libjs-d3 as it's not available on armel
(bugs filed)
-- Paul Gevers <email address hidden> Fri, 22 Apr 2022 20:45:58 +0200
-
cacti (1.2.20+ds1-1) unstable; urgency=medium
* New upstream version 1.2.20+ds1
CVE-2022-0730: Under certain ldap conditions, Cacti authentication can
be bypassed with certain credential types. (Closes: #1008693)
* d/copyright: update
* strip away and replace some of the new midwinter theme like we do for
other themes
* Refresh patches and drop those that are part of 1.2.20
* cacti.links: drop dejavu links as cacti now finds system fonts by
itself
* Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
* Replace broken package (Upstream bug: #4685)
* Fix multiple issues with new cli scripts (detected by test suite
failure)
-- Paul Gevers <email address hidden> Thu, 14 Apr 2022 10:16:39 +0200
-
cacti (1.2.19+ds1-2) unstable; urgency=medium
* Support cacti on PHP8.1 by incorporating upstream patches
* Support the use of a csrf secret key out of the box
-- Paul Gevers <email address hidden> Sun, 19 Dec 2021 22:03:28 +0100
-
cacti (1.2.19+ds1-1) unstable; urgency=medium
* New upstream version 1.2.19+ds1
- billboard.js replaces c3.*
- Drop obsolete patches
- Update 07_cli-include-path.patch to cover new cli
* watch: update to scan github as the downloads page doesn't work
anymore
* Building documentation in .github fails, don't do that as it's not
needed anyways
* [tests] use upstreams version of check_all_pages, but adapted
* [tests] run upstream check_cli_version.sh test
-- Paul Gevers <email address hidden> Mon, 22 Nov 2021 20:30:48 +0100
-
cacti (1.2.16+ds1-2) unstable; urgency=medium
* Add 0001-Fixing-Issue-4022.patch (Closes: #979998)
- CVE-2020-35701: SQL injection via data_debug.php
* Add 0001-Fixing-Issue-4019.patch
There are a few places in the current code where an attacker, once
having gained access to the Cacti database through a SQL injection,
could modify data in tables to possibly expose an stored XSS bug in
Cacti.
-- Paul Gevers <email address hidden> Sun, 17 Jan 2021 21:26:01 +0100
-
cacti (1.2.16+ds1-1) unstable; urgency=medium
* New upstream release 1.2.16
-- Paul Gevers <email address hidden> Fri, 11 Dec 2020 21:54:47 +0100
-
cacti (1.2.15+ds1-2) unstable; urgency=medium
* Add upstream patch to fix autopkgtest failure:
643766b909d0824b08c2ab6c7a82ac0055a5d730.patch
-- Paul Gevers <email address hidden> Fri, 06 Nov 2020 20:32:36 +0100
-
cacti (1.2.15+ds1-1) unstable; urgency=medium
* New upstream version 1.2.15
* Update font-awesome-path.patch
-- Paul Gevers <email address hidden> Tue, 03 Nov 2020 21:57:12 +0100
-
cacti (1.2.14+ds1-1) unstable; urgency=medium
* New upstream version 1.2.14
-- Paul Gevers <email address hidden> Thu, 27 Aug 2020 10:55:38 +0200
-
cacti (1.2.13+ds1-2) unstable; urgency=medium
* Enable upstream CHANGELOG to be viewed
-- Paul Gevers <email address hidden> Fri, 31 Jul 2020 21:31:50 +0200
-
cacti (1.2.13+ds1-1) unstable; urgency=medium
* New upstream version 1.2.13
- refresh 07_cli-include-path.patch
-- Paul Gevers <email address hidden> Mon, 27 Jul 2020 21:39:25 +0200
-
cacti (1.2.12+ds1-1) unstable; urgency=medium
* New upstream version 1.2.12
* Bump libphp-phpmailer dependency
* Update debian.php.dist to match updated include/config.php
-- Paul Gevers <email address hidden> Thu, 07 May 2020 22:09:43 +0200
-
cacti (1.2.11+ds1-1) unstable; urgency=medium
* New upstream version 1.2.11
- Refresh patch
* Update debian.php.dist to match updated include/config.php
-- Paul Gevers <email address hidden> Tue, 07 Apr 2020 22:22:16 +0200
-
cacti (1.2.10+ds1-1) unstable; urgency=medium
* New upstream version 1.2.10
CVE-2020-8813 graph_realtime.php allows remote attackers to execute
arbitrary OS commands via shell metacharacters in a cookie, if a guest
user has the graph real-time privilege (Closes: 951832)
-- Paul Gevers <email address hidden> Sun, 08 Mar 2020 21:26:46 +0100
-
cacti (1.2.9+ds1-1) unstable; urgency=medium
* New upstream version 1.2.9+ds1
CVE-2020-7106 Remote Code Execution (by privileged users) via shell
metacharacters in the Performance Boost Debug Log field of
poller_automation.php. (Closes: #949996)
CVE-2020-7237 Stored XSS in data_sources.php,
color_templates_item.php, graphs.php, graph_items.php,
lib/api_automation.php, user_admin.php, and user_group_admin.php, as
demonstrated by the description parameter in data_sources.php (Closes:
#949997)
-- Paul Gevers <email address hidden> Thu, 13 Feb 2020 20:38:01 +0100
-
cacti (1.2.8+ds1-1) unstable; urgency=medium
* New upstream version 1.2.8+ds1
CVE-2019-17357 When viewing graphs, some input variables are not
properly checked (SQL injection possible) (Closes: #947374)
CVE-2019-17358 When deserializating data, ensure basic sanitization
has been performed (Closes: #947375)
-- Paul Gevers <email address hidden> Sat, 28 Dec 2019 17:44:58 +0100
-
cacti (1.2.7+ds1-1) unstable; urgency=medium
* New upstream version 1.2.7+ds1
CVE-2019-16723 Security issue allows to view all graphs (Closes:
#941036)
* Refresh and drop patches to match upstream
-- Paul Gevers <email address hidden> Sun, 06 Oct 2019 22:10:41 +0200
-
cacti (1.2.6+ds1-3) unstable; urgency=medium
* Add 0001-Resolving-Issue-2984.patch to fix CI error
-- Paul Gevers <email address hidden> Sat, 28 Sep 2019 10:49:29 +0200
-
cacti (1.2.6+ds1-2) unstable; urgency=medium
[ Paul Gevers]
* Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
upstream
* Apache skipped the php section in apache.conf since PHP 7 (Closes:
#934898)
* Translations were broken since 1.2.4+ds1-1. Import upstream solution
enabling the use of php-phpmyadmin-motranslator.
[ Rafael David Tinoco ]
* Prepare sql commands for MySQL 8 (See: #933683)
-- Paul Gevers <email address hidden> Tue, 17 Sep 2019 20:31:04 +0200
-
cacti (1.2.6+ds1-1) unstable; urgency=medium
* New upstream release 1.2.6
- Refresh 07_cli-include-path.patch
* Remove obsolete link to phpgettext
-- Paul Gevers <email address hidden> Thu, 05 Sep 2019 17:47:08 +0200
-
cacti (1.2.4+ds1-2) unstable; urgency=medium
* tests: add new IMPORT messages to ignore filter
-- Paul Gevers <email address hidden> Mon, 15 Jul 2019 19:33:58 +0200
-
cacti (1.2.4+ds1-1) unstable; urgency=medium
* New upstream release 1.2.4
- Fixed upgrade script (Closes: #931702)
- Fixed snmp gauges (Closes: #930254)
* Depends i.s.o. Recommends on php-gmp (Closes: #930252)
* Drop dependency on php-php-gettext as it is optional for cacti and it's
going to be removed due to CVE-2016-6175
* Refresh patches
* Update d/debian.php.dist with changes in include/config.php
-- Paul Gevers <email address hidden> Sun, 14 Jul 2019 21:33:08 +0200
-
cacti (1.2.2+ds1-2) unstable; urgency=medium
* Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
before printing out the value of the SNMP community string (SNMP
Options) in the View poller cache, leading to XSS.
-- Paul Gevers <email address hidden> Tue, 09 Apr 2019 20:42:38 +0200
-
cacti (1.2.2+ds1-1) unstable; urgency=medium
* New upstream release 1.2.2
* tests: add one more exception for Ubuntu (Closes: #922437)
* Depend on fonts-fork-awesome instead of fonts-font-awesome (Closes:
#922779)
* Fix typo in debian.php.dist (Closes: #922651)
-- Paul Gevers <email address hidden> Tue, 26 Feb 2019 21:48:07 +0100
-
cacti (1.2.1+ds1-2) unstable; urgency=medium
* tests: add some items back that are seen on Ubuntu's setup
* Migrate from libjs-chartjs to libjs-chart.js due to bug #922288
-- Paul Gevers <email address hidden> Thu, 14 Feb 2019 10:19:02 +0100
-
cacti (1.2.1+ds1-1) unstable; urgency=medium
* New upstream release 1.2.1
- spikekiller is now a class (Closes: #916814)
* Upload to unstable
* Bump dependency on libphp-phpmailer
* Bump Standards (no changes)
* Declare R³: binary-targets (Thanks lintian)
-- Paul Gevers <email address hidden> Sun, 27 Jan 2019 21:22:59 +0100
-
cacti (1.1.38+ds1-2) unstable; urgency=medium
* [tests] Adapt for MariaDB 10.3 which triggers a new message in the
log that doesn't seem to result in different output otherwise
* [tests] Add mysql-server test back but with
skip-not-installable. Debian has mariadb-server as
default-mysql-server so we definitely want to test that. Ubuntu has
mysql-server, so we also want to test that, but that isn't in
testing. (Closes: #903238)
-- Paul Gevers <email address hidden> Thu, 27 Dec 2018 20:33:59 +0100
-
cacti (1.1.38+ds1-1) unstable; urgency=medium
* New upstream release 1.1.38
* [tests] Remove mysql-server test as it isn't available in testing
-- Paul Gevers <email address hidden> Wed, 18 Apr 2018 12:03:05 +0200
-
cacti (1.1.37+ds1-1) unstable; urgency=medium
* New upstream release 1.1.37
* CVE-2018-10059: (XSS) the get_current_page function in
lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
$_SERVER['SCRIPT_NAME'] to determine a page name
* CVE-2018-10060: (XSS) does not properly reject unintended characters,
related to use of the sanitize_uri function in lib/functions.php
* CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
ENT_QUOTES flag
-- Paul Gevers <email address hidden> Thu, 12 Apr 2018 17:43:13 +0200
-
cacti (1.1.36+ds1-1) unstable; urgency=medium
* New upstream release 1.1.36
- Refresh patches
-- Paul Gevers <email address hidden> Wed, 28 Feb 2018 16:22:50 +0100
-
cacti (1.1.35+ds1-1) unstable; urgency=medium
* New upstream version 1.1.35
* [tests] Fix for nofollow directive that prevented recursive crawl
(Closes: #889893)
* [tests] Prevent cron job from running
* Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
from upstream
-- Paul Gevers <email address hidden> Tue, 13 Feb 2018 19:26:14 +0100
-
cacti (1.1.34+ds1-1) unstable; urgency=medium
* New upstream version 1.1.34
- Includes updates for php7.2 (Closes: #889181)
-- Paul Gevers <email address hidden> Tue, 06 Feb 2018 22:31:34 +0100
-
cacti (1.1.31+ds1-1) unstable; urgency=medium
* New upstream version 1.1.31
* Update autopkgtest for new output since 1.1.29
-- Paul Gevers <email address hidden> Wed, 17 Jan 2018 18:50:00 +0100
-
cacti (1.1.30+ds1-1) unstable; urgency=medium
* New upstream version 1.1.30
-- Paul Gevers <email address hidden> Fri, 05 Jan 2018 20:30:47 +0100
-
cacti (1.1.29+ds1-1) unstable; urgency=medium
* New upstream version 1.1.29
* Refresh documentation tar ball
* Drop php-mysqlnd from alternative list of dependencies, it doesn't
exist
* Use dh-linktree embed-weakdep option to prevent strong dependencies
(requires dh-linktree 0.5)
-- Paul Gevers <email address hidden> Wed, 27 Dec 2017 20:57:21 +0100
-
cacti (1.1.28+ds1-3) unstable; urgency=medium
* Rebuild against new version of libjs-jquery-colorpicker (Closes:
#884756)
-- Paul Gevers <email address hidden> Thu, 21 Dec 2017 21:16:13 +0100
-
cacti (1.1.28+ds1-2) unstable; urgency=medium
* Add remove-global-mysql-command.patch (Closes: #882356)
-- Paul Gevers <email address hidden> Fri, 24 Nov 2017 11:07:11 +0100
-
cacti (1.1.28+ds1-1) unstable; urgency=medium
* New upstream version 1.1.28
- Drop applied patches
* [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest
servers are often too slow
-- Paul Gevers <email address hidden> Sun, 19 Nov 2017 21:34:10 +0100
-
cacti (1.1.27+ds1-3) unstable; urgency=medium
* CVE-2017-16641: remote authenticated administrators can execute
arbitrary os commands via the path_rrdtool parameter in an action=save
request to settings.php (Closes: #881110)
* CVE-2017-16660: remote authenticated administrators can conduct Remote
Code Execution attacks by placing the Log Path under the web root, and
then making a remote_agent.php request containing PHP code in a
Client-ip header
* CVE-2017-16661: remote authenticated administrators can read arbitrary
files accessible by the web-server user by placing the Log Path into a
private directory, and then making a clog.php?filename= request
* CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
(reintroduction of CVE-2017-15194)
* Bump standards to 4.1.1
* Set Priority to optional
-- Paul Gevers <email address hidden> Tue, 14 Nov 2017 20:14:34 +0100
-
cacti (1.1.27+ds1-2) unstable; urgency=medium
* Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
because they likely reintroduced part of CVE-2017-15194. Thanks to
autopkgtest
-- Paul Gevers <email address hidden> Fri, 27 Oct 2017 14:41:48 +0200
-
cacti (1.1.27+ds1-1) unstable; urgency=medium
* New upstream version 1.1.27
- Drop CVE-2017-15194.patch again
* [tests] Add new note to list of exceptions to fix failure
-- Paul Gevers <email address hidden> Mon, 23 Oct 2017 20:52:49 +0200
-
cacti (1.1.25+ds1-1) unstable; urgency=medium
* New upstream version 1.1.25
* Improve the override_dh_fixperms target as some files were
unintentionally missed and thus make cacti reproducible again
* CVE-2017-15194: XSS in global_session.php
- Add CVE-2017-15194.patch (Closes: #878304)
- Add check to autopkgtest
-- Paul Gevers <email address hidden> Fri, 13 Oct 2017 21:09:04 +0200
-
cacti (1.1.21+ds1-1) unstable; urgency=medium
* New upstream version 1.1.21
* Bump standards version to 4.1.0 (no changes)
-- Paul Gevers <email address hidden> Fri, 08 Sep 2017 14:48:59 +0200
-
cacti (1.1.18+ds1-1) unstable; urgency=medium
* New upstream version 1.1.18
- Drop patches from upstream and refresh the others
* Bump standards version to 4.0.1 (no changes)
* Stop installing csrf/LICENSE file (thanks lintian)
-- Paul Gevers <email address hidden> Sat, 19 Aug 2017 18:46:41 +0200
-
cacti (1.1.17+ds1-2) unstable; urgency=medium
* CVE-2017-12927 XSS vulnerability in spikekill.php (Closes: #872478)
* [tests] fix grep expression to unblock Ubuntu
* [tests] Add improve-boost-logging-on-fresh-installs.patch and don't
filter on the fixed messages
* Fix typo in previous changelog message
-- Paul Gevers <email address hidden> Fri, 18 Aug 2017 21:15:23 +0200
-
cacti (1.1.17+ds1-1) unstable; urgency=medium
* New upstream version 1.1.17
* Make the autopkgtest strickter now upstream reduced the noise
-- Paul Gevers <email address hidden> Wed, 16 Aug 2017 14:04:31 +0200
-
cacti (1.1.16+ds1-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2017-12065 spikekill.php might allow remote attackers to
execute arbitrary code via the avgnan, outlier-start, or outlier-end
parameter (Closes: #870353)
- Fixes CVE-2017-12066 Cross-site scripting (XSS) vulnerability in
aggregate_graphs.php (Closes: #870354)
-- Paul Gevers <email address hidden> Thu, 03 Aug 2017 09:38:54 -0400
-
cacti (1.1.15+ds1-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2017-11691 Cross-site scripting (XSS) vulnerability in
auth_profile.php (Closes: #869848)
* Lower the Depends on dbc to include ~ to ease backports
-- Paul Gevers <email address hidden> Thu, 27 Jul 2017 10:40:05 -0400
-
cacti (1.1.13+ds1-1) unstable; urgency=medium
* New upstream release
* Update documentation from upstream
-- Paul Gevers <email address hidden> Fri, 14 Jul 2017 20:37:39 +0200
-
cacti (1.1.12+ds1-1) unstable; urgency=medium
* New upstream release
* CVE-2017-10970 XSS vulnerability via link.php fixed (Closes: #867532)
* Add version to jquery-tablesorter
* Make sure that autopkgtests at least run again
-- Paul Gevers <email address hidden> Fri, 07 Jul 2017 21:07:43 +0200
-
cacti (1.1.10+ds1-6) unstable; urgency=medium
* Fix upgrade script to find the upgrade functions in the Debian file
layout (Closes: #866773) Thanks to ISHIKAWA Mutsumi
* Add upgrade code for grant on mysql.time_zone_name
* Bump version of dbconfig-common to ensure we have the fix for postinst
code working
-- Paul Gevers <email address hidden> Tue, 04 Jul 2017 07:16:45 +0200
-
cacti (1.1.10+ds1-5) unstable; urgency=medium
* Fix piuparts issue where the scripts are changed due to loading the
template files in the postinst script. See upstream bug #810. (Closes:
#866140)
-- Paul Gevers <email address hidden> Tue, 27 Jun 2017 21:41:26 +0200
-
cacti (1.1.10+ds1-4) unstable; urgency=medium
* Upload to unstable
* Bump standards version to 4.0.0 (no changes)
-- Paul Gevers <email address hidden> Tue, 20 Jun 2017 21:45:13 +0200
-
cacti (0.8.8h+ds1-10) unstable; urgency=medium
* Fix upgrades from before 0.8.8h+ds1-8; that version started to ship
symlinks to directories in libjs-jquery-jstree without making sure
dpkg handled that properly during upgrades (Closes: #861858)
-- Paul Gevers <email address hidden> Fri, 05 May 2017 13:55:33 +0200
-
cacti (0.8.8h+ds1-9) unstable; urgency=medium
* Add enable_faster_polling_than_cron.patch to replace the use of the
deprecated split() function (Closes: #860271)
-- Paul Gevers <email address hidden> Thu, 13 Apr 2017 22:05:30 +0200
-
cacti (0.8.8h+ds1-8) unstable; urgency=medium
* Depend on libjs-jquery-jstree instead of using embedded version
* Replace use_debian_javascript_packages.patch with links to the Debian
packages instead (more transparent)
* Add fix_export_for_debian_packages.patch to avoid export failure
-- Paul Gevers <email address hidden> Wed, 14 Dec 2016 21:20:24 +0100
-
cacti (0.8.8h+ds1-7) unstable; urgency=medium
* Previous upload was screwed up. Doing it better this time I hope.
-- Paul Gevers <email address hidden> Sat, 10 Dec 2016 07:47:07 +0100
-
cacti (0.8.8h+ds1-6) unstable; urgency=medium
* Fix links for path change in libjs-jquery-ui-theme-ui-lightness,
hopefully bug #846515 will not get fixed
-- Paul Gevers <email address hidden> Wed, 07 Dec 2016 21:44:51 +0100
-
cacti (0.8.8h+ds1-5) unstable; urgency=medium
[ Emilio Pozuelo Monfort ]
* CVE-2016-2313-guest-auth.patch:
+ Fix regression in the fix for CVE-2016-2313 that broke guest user
logins. Thanks to Matus Uhlar for the report. (Closes: #833420)
[ Paul Gevers ]
* Recommend default-mysql-server instead of MariaDB and MySQL
-- Paul Gevers <email address hidden> Mon, 05 Sep 2016 21:10:12 +0200
-
cacti (0.8.8h+ds1-4) unstable; urgency=medium
* Improve autopkgtest situation and avoid failure when it is not needed
-- Paul Gevers <email address hidden> Thu, 16 Jun 2016 22:11:20 +0200
-
cacti (0.8.8h+ds1-3) unstable; urgency=medium
* Save more log files during autopkgtesting
* Add check on errors during testing (Closes: #825644)
* Add javascript-common to Depends to ensure jquery is usable
-- Paul Gevers <email address hidden> Fri, 10 Jun 2016 20:20:04 +0200
-
cacti (0.8.8h+ds1-2) unstable; urgency=medium
* Update make_cacti_sql_mode-strict_compatible.patch to also drop
ONLY_FULL_GROUP_BY (Follow-up for LP: #1578144)
* Lower versioned dependency on libphp-adodb to be Ubuntu compatible
-- Paul Gevers <email address hidden> Thu, 02 Jun 2016 22:06:59 +0200
-
cacti (0.8.8h+ds1-1) unstable; urgency=medium
* New upstream release
- CVE-2016-3659 SQL Injection Vulnerability in graph_view.php (Closes:
#820521)
* Drop obsolete patches (applied upstream)
* Update tests to depend on javascript-common
* Don't test lighttpd for now
* Drop jquery.js from the source (wasn't used anyways in Debian), so no
need to document it in d/copyright
* Add make_cacti_sql_mode-strict_compatible.patch to enable cacti to
work with the default settings of MySQL 5.7 (LP: #1578144)
-- Paul Gevers <email address hidden> Sat, 14 May 2016 22:26:35 +0200
-
cacti (0.8.8g+ds1-3) unstable; urgency=medium
* Bump standards (no changes)
* Fix noninteractive install failure
* Reorder test Depends in the hope that MySQL|MariaDB-server get setup
before cacti
* Refresh all patches
* Take over patch 11_1571432_mysqli.patch from Ubuntu (although not
really needed anymore) to fix mysqli extension in the install script
(LP: #1571432)
-- Paul Gevers <email address hidden> Fri, 29 Apr 2016 14:08:05 +0200
-
cacti (0.8.8g+ds1-2) unstable; urgency=medium
[ Paul Gevers ]
* Next upstream version, strip include/js/jquery.js from source
* Make sure the web-interface doesn't ask unnecessary questions after
install (Closes: #783447)
* Use the MySQL connection password as initial password for the admin
user (Closes: #783446) and mention this in the NEWS.Debian file
* Improve fix for CVE-2016-2313 such that it doesn't cause a regression
for setups that rely on http authentication of users unknown to cacti.
- Add improve_fix_for_CVE-2016-2313.patch
* Full update of README.Debian
* CVE-2016-3172
- Add CVE-2016-3172_sql-injection-in-tree.php.patch (Closes: #818647)
* Update Brazilian Portuguese, thanks to Diego Neves (Closes: #816962)
* Drop old code in postinst to (re)move old configuration files this is
already fixed in jessie
* Bump version for libphp-adodb as mysqli doesn't work otherwise
* Add new php-xml & php-mbstring to Depends for php7.0
* Add add_rrdtool-1.5_to_utilities.php.patch to prevent error in
utilities.php with rrdtool version 1.5
* Remove Mahyuddin from uploaders (thanks for the fish)
[ Nishanth Aravamudan ]
* Update to PHP7.0 dependencies (LP: #1544352)
* Default to mysqli driver for database connection, as the mysql driver
has been removed in PHP7.0 (LP: #1544352) (Closes: #815987)
-- Paul Gevers <email address hidden> Sun, 17 Apr 2016 19:55:43 +0200
-
cacti (0.8.8g+ds1-1) unstable; urgency=medium
* New upstream release
- CVE-2016-2313 (closes: #814353)
- Drop included patches
* Update d/copyright with new years
* Enable installation on MariaDB by forcing the collation to latin1
* Add mariadb-server to list of recommends
* Update Vcs-* fields to https
-- Paul Gevers <email address hidden> Fri, 26 Feb 2016 13:50:34 +0100
-
cacti (0.8.8f+ds1-4) unstable; urgency=medium
* CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
* CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
* Depend on dbconfig-mysql or dbconfig-no-thanks instead of
dbconfig-common and mysql-client
* Bump compat level to 9
* Drop useless CFLAGS declaration in d/rules
* Drop cacti.sql_drop_tables_to_begin.patch as dbconfig-common now does
that.
* Add dependency on libjs-jquery now that version is high enough and
update use_debian_javascript_packages.patch to use it.
-- Paul Gevers <email address hidden> Sat, 09 Jan 2016 13:16:04 +0100
-
cacti (0.8.8f+ds1-3) unstable; urgency=high
* Add upstream patch to fix
- CVE-2015-8369 SQL Injection vulnerability in graph.php
-- Paul Gevers <email address hidden> Sat, 12 Dec 2015 14:03:40 +0100
-
cacti (0.8.8f+ds1-2) unstable; urgency=medium
* Update loadavg_multi_locale_friendly.patch (Closes: #793401)
* Add missing manual.css (Closes: #783416)
* Fix d/rules override_dh_*configure target (Wasn't ever run,
althought that wasn't too bad until now)
-- Paul Gevers <email address hidden> Mon, 03 Aug 2015 19:58:53 +0200
-
cacti (0.8.8f+ds1-1) unstable; urgency=medium
* New upstream release fixing some regressions in 0.8.8e
-- Paul Gevers <email address hidden> Tue, 21 Jul 2015 21:59:40 +0200
-
cacti (0.8.8e+ds1-1) unstable; urgency=high
* Imported Upstream version 0.8.8e
- CVE-2015-4634 multiple SQL Injection vulnerabilities
* Add new jquery scripts to Files-Exculded
* Refresh patches
-- Paul Gevers <email address hidden> Wed, 15 Jul 2015 19:47:00 +0200
-
cacti (0.8.8d+ds1-1) unstable; urgency=high
* Upload to unstable
* New upstream release
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
(Closes: #773436)
* Fix d/p/07_cli-include-path.patch (LP: #1433665)
* Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
upstream fix
* Include the virtual alternative for the recommends on mysql-server
(Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c
-- Paul Gevers <email address hidden> Mon, 22 Jun 2015 19:59:13 +0200
-
cacti (0.8.8b+dfsg-8) unstable; urgency=high
* CVE-2014-5261
Unsufficient input sanitation leads to shell command injection
possibilities
* CVE-2014-5262
Incomplete and incorrect input parsing leads to SQL injection attack
scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits
-- Paul Gevers <email address hidden> Mon, 18 Aug 2014 19:57:43 +0200
-
cacti (0.8.8b+dfsg-7) unstable; urgency=medium
* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
was unusable (Closes: #755032)
* Security update
- CVE-2014-5025 Cross Site Scripting Vulnerability
- CVE-2014-5026 Cross Site Scripting Vulnerability
- CVE-2014-5043 Cross Site Scripting Vulnerability
-- Paul Gevers <email address hidden> Thu, 24 Jul 2014 21:56:48 +0200
-
cacti (0.8.8b+dfsg-6) unstable; urgency=high
* Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
* Security update (Closes: #742768, #752573)
- CVE-2014-2327 Cross Site Request Forgery Vulnerability
- CVE-2014-4002 Cross-Site Scripting Vulnerability
-- Paul Gevers <email address hidden> Wed, 25 Jun 2014 22:33:53 +0200
-
cacti (0.8.8b+dfsg-5) unstable; urgency=high
* Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)
-- Paul Gevers <email address hidden> Sun, 06 Apr 2014 19:59:12 +0200
-
cacti (0.8.8b+dfsg-4) unstable; urgency=high
* Security update (Closes: 743565)
- CVE-2014-2326 Cross-site scripting (XSS) vulnerability
- CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
- CVE-2014-2708 SQL injection
- CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
* Bump standards (no changes needed)
* Fix VCS-Browser field
* Fix license paragraph of jstree (Thanks lintian)
-- Paul Gevers <email address hidden> Sat, 05 Apr 2014 13:03:22 +0200
-
cacti (0.8.8b+dfsg-3) unstable; urgency=low
* Fix Cross site scripting (upstream bug 2383)
CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken
-- Paul Gevers <email address hidden> Tue, 27 Aug 2013 20:43:21 +0200
-
cacti (0.8.8b+dfsg-2) unstable; urgency=low
* CVE-2013-1435 fix cause a regression in the handling of empty COMMENT
lines in the rrd legend. Fixed by upstream:
fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color
-- Paul Gevers <email address hidden> Fri, 09 Aug 2013 22:34:26 +0200
-
cacti (0.8.8b+dfsg-1) unstable; urgency=low
* New upstream release
- Fixes SQL or command line injection via snmp settings or
graph creation or edition that allows privileged users to execute
arbitrary SQL commands or command line commands. CVE-2013-1434 and
CVE-2013-1435
- poller_cache_rebuild_on_install.patch included
* Add d/rules get-orig-source target and accompanying script
* Update japanese translation, thank victory (Closes: #717203)
* Update vcs-* fields (thanks lintian)
* Update standards (no changes needed)
* Update years and my address in d/copyright
* Allow any php5 SAPI provider to satify cacti dependency, thanks
Ondřej Surý (php5 maintainer). Thus reverting the solution to bug
#654843 as the original report was not a bug but a reporter mistake.
libapache2-mod-fcgid does not provide php5 SAPI.
-- Paul Gevers <email address hidden> Wed, 07 Aug 2013 20:46:58 +0200
-
cacti (0.8.8a+dfsg-7) unstable; urgency=low
* Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
* Update use_jquery_for_debian.patch to not load jquery-cookie if it is
not installed on the system (Closes: #708001)
-- Paul Gevers <email address hidden> Sat, 18 May 2013 12:14:02 +0200
-
cacti (0.8.8a+dfsg-6) unstable; urgency=low
* Improve maintenance scripts
- Prepare cacti configuration for Apache2.4 according to
http://wiki.debian.org/Apache/PackagingFor24
- Improve cacti.config to fix dpkg-reconfigure behavior for httpd's.
- Restart lighttpd if needed (LP: #1132415)
- Remove obsolete (Sarge) preinst code
* Fix the lighttpd config template for absolute path (see LP: #1132415)
* Lintian triggered improvements:
- Update watch file for +dfsg in the version
- Add dependency on mysql-client (next to virtual-mysql-client)
* Bug fixes:
- Add patch loadavg_multi_locale_friendly.patch to allow uptime script to
work independent of the local locale (Closes: #704057)
- Add patch fix_php_strict_warning_in_ping.patch to fix php 5.4 warnings
(Closes: #694159)
- Add patch poller_cache_rebuild_on_install.patch to start filling the
auto-generated graphs upon installation (Upstream: 2229)
* Move configuration files away from /usr/share/doc/cacti (policy 12.3)
* Remove obsolete RM-Upload-Allowed from d/control
* Revisited README.Debian
-- Paul Gevers <email address hidden> Sun, 05 May 2013 16:41:13 +0200
-
cacti (0.8.8a+dfsg-5) unstable; urgency=low
* Update debian/NEWS.Debian to explain the recommended packages for the tree,
which seem to be not installed by default upon upgrade, and make sure it is
actually installed.
-- Paul Gevers <email address hidden> Thu, 11 Apr 2013 19:57:35 +0200
-
cacti (0.8.8a+dfsg-4) unstable; urgency=low
* Improve jquery tree patch to show trees multilevel (Closes: #702690)
-- Paul Gevers <email address hidden> Mon, 01 Apr 2013 08:03:11 +0200
-
cacti (0.8.8a+dfsg-3) unstable; urgency=low
* Fixed typo in recommends libjs-jquery* i.s.o. libjs-query (Closes: #700999)
-- Paul Gevers <email address hidden> Tue, 19 Feb 2013 20:33:20 +0100
-
cacti (0.8.8a+dfsg-2) unstable; urgency=low
* Upload to unstable after acknowledge by the RT, see #694850.
-- Paul Gevers <email address hidden> Tue, 29 Jan 2013 20:41:05 +0100
-
cacti (0.8.8a-3) unstable; urgency=low
* Update postrm with new debconf answers (Closes: #673764)
-- Paul Gevers <email address hidden> Mon, 21 May 2012 20:22:18 +0200
-
cacti (0.8.8a-2) unstable; urgency=low
* Use ts to timestamp poller errors in cron when available and add moreutils
to suggests.
* Add suhosin.memory_limit to cron and poller (Closes: #566609)
* Add dependency on ${perl:Depends} as the dependency on perl was missing
* Use a template based on config.php for debian.php creation to include
non-database options and get rid of 01_config.php.patch by creating link
to debian.php instead. Update two dependent patches.
* Add different sub folders to local resource in d/dirs
* Add cacti.sql_ensure_cron_works.patch to prevent failure of crontab after
install as the paths to rrdtool and php are not set.
* Add cacti.sql_drop_tables_to_begin.patch patch to work around bug 665742
where dbconfig-common does not drop the tables during reconfigure so we have
to do it on population of the database to prevent errors.
* Update d/copyright to include proper license info for jscalendar and
treeview (this last one needs action). Also update Cacti's license as it
has been GPL-2+ all along.
* Readded debconf question option for lighttpd lost in commit 98fed9b while
preventing the need to call for new translations. Use lower-case apache2 and
lighttpd as package names at the same time.
* Update 08_563955_local_data_id.patch with upstream bug number
* Improve rra removal on purge (one higher level directory) in postrm
-- Paul Gevers <email address hidden> Sat, 19 May 2012 07:56:04 +0200
-
cacti (0.8.8a-1) unstable; urgency=low
* New upstream release.
- Now includes plugin architecture (Closes: #406766)
- Don't use define_syslog_variables() (Closes: #668261)
- Allow external auth behind proxy (Closes: #660853)
* Update patches, remove last two now applied upstream
* Update d/watch to prevent selection of PIA tar ball
* Repaired old entries in d/changelog where non-ascii characters got mangled
* Remove d/s/local-options as they are for, well, local options
* Make link to cacti.sql instead of copying data again
* Remove unnecessary directories from dirs as they are generated as needed
* Clean up of debian rules for short-hand dh
- Moved permission and ownership fixes to override_dh_fixperms
- Use 644 and 755 instead of 640 and 750 as per policy (except for rra)
- Remove lib/adodb on clean (instead of build)
- Use debian/cacti.install to define which files to install where
* d/post(rm|inst) now also (un)registers with ufcr and clean-up of long
obsolete /etc/cacti/default-poller
* Append error output of poller to poller-error.log i.s.o overwriting
(Closes: #669339) and make sure the ownership/permissions are right
* Update README.Debian with info about plugin architecture
-- Paul Gevers <email address hidden> Tue, 01 May 2012 09:57:18 +0200
-
cacti (0.8.7i-3) unstable; urgency=low
[ Mahyuddin Susanto ]
* debian/patches/01_config.php.patch: refreshed to fix error
on upgrade because /etc/cacti/debian.php has been rewrite
during installation. (Closes: #654352), Thanks to Michael Reincke.
* debian/control: Move apache to recommends to allow other web-server to
be installed. (Closes: #654843)
* debian/cacti.templates: Updated debconf template and package description,
suggested by debian-l10n-english. (Closes: #653897)
* Update debconf translations:
- Spanish by Javier Fernández-Sanguino Peña (Closes: #656405)
- French by Christian Perrier (Closes: #657280)
- Polish by Michał Kułach. (Closes: #657294)
- Danish by Joe Hansen. (Closes: #657339)
- Dutch by Jeroen Schot. (Closes: #657468)
- Swedish by Martin Bagge. (Closes: #657546)
- Indonesian by Mahyuddin Susanto. (Closes: #657609)
- Russian by Yuri Kozlov. (Closes: #657705)
[ Sean Finney ]
* Remove lighttpd.conf at postrm purge time
* Add Paul Gevers to Uploaders field
[ Paul Gevers ]
* More updated debconf translations, thanks to Christian Perrier.
- German (Chris Leick). (Closes: #658396)
- Czech (Miroslav Kure). (Closes: #658752)
- Portuguese (Rui Branco). (Closes: #659167)
- Italian (Beatrice Torracca). (Closes: #659401)
- Basque (Iñaki Larrañaga Murgoitio). (Closes: #660641)
* Bump Standard-Version to 3.9.3 (no changes).
* session_unregister was removed in php 5.4, add patch
11_remove_deprecated_session_unregister (Closes: #665280)
* Update d/rules to fix changed output from /usr/bin/file for PHP executable
files (Closes: #665243)
-- Paul Gevers <email address hidden> Thu, 29 Mar 2012 20:55:17 +0200
-
cacti (0.8.7i-2) unstable; urgency=low
* Cherry-pick upstream patches
- debian/patches/10_settings_checkbox.patch
* debian/patches/05_no-adodb.patch: Updates, add semicolon at line 190.
(Closes: #653863)
* Updated last changelog to mention security bug.
-- Mahyuddin Susanto <email address hidden> Mon, 02 Jan 2012 14:11:15 +0700
-
cacti (0.8.7i-1) unstable; urgency=low
* New upstream release. (Closes: #642971)
- Fix Ping query. (Closes: #616320, #561488)
* debian/control:
- Bump Standard-Version to 3.9.2, no source changes.
- Change Maintainer to pkg-cacti. (Closes: #613857)
- Add Sean and myself as uploaders.
- Change Vcs-* to pkg-cacti.
* debian/copyright: Rewriting as per dep5 format.
* debian/source: Added to mentioning quilt patch system.
* debian/README.source: Deleted, not needed anymore
* debian/patches/09_use-utf8.patch: Use UTF-8 while creating database and
producing RRD, Thanks to Slavko <email address hidden>. (Closes: #604395)
* Refreshed pathces:
- debian/patches/01_config.php.patch
- debian/patches/05_no-adodb.patch
- debian/patches/06_config_settings.php_cactid_path.patch
- debian/patches/07_cli-include-path.patch (Closes: #604396)
- debian/patches/08_563955_local_data_id.patch (Closes: #563955)
* Drop patches apllied upstream:
- 606062_ping.pl.patch
- data_source_deactivate.patch
- graph_list_view.patch
- html_output.patch
- ldap_group_authenication.patch
- ping.patch
- poller_interval.patch
- script_server_command_line_parse.patch
* Add Lighttpd support:
- debian/docs: updated
- debian/cacti.lighttpd.conf: added
- debian/cacti.{postinst|postrm|templates}: updated
-- Mahyuddin Susanto <email address hidden> Fri, 30 Dec 2011 16:47:42 +0700
-
cacti (0.8.7g-2.1) unstable; urgency=low
* Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - French (Christian Perrier). Closes: #614903 - German (Chris Leick). Closes: #619663 - Russian (Yuri Kozlov). Closes: #623795 - Indonesian (Mahyuddin Susanto). Closes: #623886 - Japanese (Hideki Yamane). Closes: #624821 - Danish (Joe Hansen). Closes: #625482 - Dutch; (Luk Claes). Closes: #625529 - Spanish; (Francisco Javier Cuadrado). Closes: #627032 - Swedish (Martin Bagge / brother). Closes: #628928 - Czech (Miroslav Kure). Closes: #631596 - Basque (Ander Goñi). Closes: #631900 - Portuguese (Rui Branco). Closes: #631982 -- Christian Perrier <email address hidden> Wed, 29 Jun 2011 06:57:56 +0200
-
cacti (0.8.7g-2) unstable; urgency=low
* import 2 new "official" upstream patches * Cherry-pick upstream fix for ping output parsing (Closes: #606062). * Lintian: - Update Standards-Version to 3.9.1 (no changes necessary) - Bump versioned Build-Dep on debhelper to >= 5 - Update config and postrm maintainer scripts to run with set -e - Remove un-needed chmodding of php files in debian/rules - Ensure the non-php files in the scripts dir are executable - Update debconf template description to remove question from text. - Selectively fix executable permissions on some files in the cli dir - Include a README.source mentioning quilt * Update debconf choices and default value for webserver configuration * Update all debian/po files after changing debconf template -- Sean Finney <email address hidden> Sun, 20 Feb 2011 15:33:58 +0100
-
cacti (0.8.7g-1) unstable; urgency=low
* New upstream release (Closes: #592465).
* Update context in 05_no-adodb.patch to remove fuzz.
* Remove "official" patches from previous release.
* Remove 563955_undefined_index_local_data_id.patch, incorporated upstream.
* Remove CVE-2010-2092.patch, incorporated upstream.
* Import new batch of "official" upstream patches.
* Update apache configuration to work in FastCGI deployments (Closes: #593203).
- thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
-- Sean Finney <email address hidden> Tue, 17 Aug 2010 22:22:02 +0200
-
cacti (0.8.7e-4) unstable; urgency=high
* Forward-port fix for CVE-2010-2092 from stable package (Closes: #582691)
-- Sean Finney <email address hidden> Fri, 11 Jun 2010 21:08:02 +0000
-
cacti (0.8.7e-3) unstable; urgency=high
* Import upstream fix for SQL injection vulnerability (no CVE assigned yet)
- thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
-- Sean Finney <email address hidden> Sat, 24 Apr 2010 17:54:20 +0200
-
cacti (0.8.7e-2) unstable; urgency=low
* Import 2 new "official" patches from upstream
* Italian debconf translation
- thanks to Alessandro De Zorzi <email address hidden> (Closes: #548447)
* Fix for "Undefined index: local_data_id in graphs_new.php"
- new debian patch 563955_undefined_index_local_data_id.patch
- thanks to Teodor MICU <email address hidden> (Closes: #563955)
* Fix for "must not RE-add /etc/apache2/conf.d/cacti.conf link on upgrade"
- thanks to Patrick Schoenfeld <email address hidden> (Closes: #561477)
* Bump debhelper compatibility level to 5
-- Sean Finney <email address hidden> Sun, 24 Jan 2010 21:39:46 +0100
-
cacti (0.8.7e-1.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Fix several cross-site scriptings via different vectors
Fixes: CVE-2009-4032
-- Steffen Joeris <email address hidden> Wed, 16 Dec 2009 12:06:20 +0100
-
cacti (0.8.7e-1) unstable; urgency=low
* New upstream release (Closes: #541490).
[ Sean Finney ]
* fix path to global.php in cli scripts (Closes: #525024).
- thanks to Jean-François Masure <email address hidden>
* add a watch file to track upstream updates (Closes: #527066).
- thanks to Laurent Bigonville <email address hidden>
* downgrade Depends on logrotate to a Recommends (Closes: #526997).
- thanks to Russ Allbery <email address hidden>
* updates to (eu,ru,ja) debconf translations
- eu: Piarres Beobide <email address hidden> (Closes: #535636).
- ru: Yuri Kozlov <email address hidden> (Closes: #535820).
- ja: Hideki Yamane (Debian-JP) <email address hidden> (Closes: #546229).
[ Sander Klein ]
* Change location of docs/text to docs/txt
* Removed 'Official' patches for 0.8.7d since they are not needed anymore
* Import 'Official' patches for 0.8.7e
* Make cli-include-path.patch apply
* use ':' with chown instead of deprecated '.'
* suggested spelling/grammar changes from lintian for ./debian/control
-- Sean Finney <email address hidden> Mon, 14 Sep 2009 23:42:32 +0200
-
cacti (0.8.7d-1) unstable; urgency=low
* Imported Upstream version 0.8.7d
* update/massage/remove patches for new upstream release
* import new "official" patches for 0.8.7d
* remove obsolete dependencies on php4 packages (Closes: #514342)
* update default apache config php options (Closes: #459594)
* add Homepage field to control file (Closes: #494811)
* add Suggests: php5-ldap for ldap authentication (Closes: #496854) -
thanks to Paul Nijjar <email address hidden>
* call ucf with --debconf-ok in postinst
* copy cli directory to /usr/share/cacti (Closes: #483556)
* add gbp.conf for git-buildpackage and friends
-- Sean Finney <email address hidden> Sun, 29 Mar 2009 17:51:10 +0200
-
cacti (0.8.7b-2.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
* Debconf translations:
- Basque. Closes: #479538
- Turkish. Closes: #491497
- Finnish. Closes: #492395
- Russian. Closes: #492550
- Galician. Closes: #493306
- Japanese. Closes: #493346
* [Lintian] Properly spell MySQL in package description
* [Lintian] Wrap the debian/copyright file to 80 characters
-- Christian Perrier <email address hidden> Fri, 18 Jul 2008 19:28:34 +0200
