Changelog
cacti (1.2.9+ds1-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1863739). Remaining changes:
- General installing instructions update for NO_AUTO_CREATE_USER.
- Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
* Dropped changes [upstream]:
- MySQL 8 change needs: NO_AUTO_CREATE_USER and grouping keyword.
* Dropped changes [debian]:
- Replace php-php-gettext dependency in order to fix translations
(LP #1844070)
cacti (1.2.9+ds1-1) unstable; urgency=medium
* New upstream version 1.2.9+ds1
CVE-2020-7106 Remote Code Execution (by privileged users) via shell
metacharacters in the Performance Boost Debug Log field of
poller_automation.php. (Closes: #949996)
CVE-2020-7237 Stored XSS in data_sources.php,
color_templates_item.php, graphs.php, graph_items.php,
lib/api_automation.php, user_admin.php, and user_group_admin.php, as
demonstrated by the description parameter in data_sources.php (Closes:
#949997)
cacti (1.2.8+ds1-1) unstable; urgency=medium
* New upstream version 1.2.8+ds1
CVE-2019-17357 When viewing graphs, some input variables are not
properly checked (SQL injection possible) (Closes: #947374)
CVE-2019-17358 When deserializating data, ensure basic sanitization
has been performed (Closes: #947375)
cacti (1.2.7+ds1-1) unstable; urgency=medium
* New upstream version 1.2.7+ds1
CVE-2019-16723 Security issue allows to view all graphs (Closes:
#941036)
* Refresh and drop patches to match upstream
cacti (1.2.6+ds1-3) unstable; urgency=medium
* Add 0001-Resolving-Issue-2984.patch to fix CI error
cacti (1.2.6+ds1-2) unstable; urgency=medium
[ Paul Gevers]
* Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
upstream
* Apache skipped the php section in apache.conf since PHP 7 (Closes:
#934898)
* Translations were broken since 1.2.4+ds1-1. Import upstream solution
enabling the use of php-phpmyadmin-motranslator.
[ Rafael David Tinoco ]
* Prepare sql commands for MySQL 8 (See: #933683)
-- Rafael David Tinoco <email address hidden> Tue, 18 Feb 2020 13:28:26 +0000