-
cacti (1.1.38+ds1-1) unstable; urgency=medium
* New upstream release 1.1.38
* [tests] Remove mysql-server test as it isn't available in testing
-- Paul Gevers <email address hidden> Wed, 18 Apr 2018 12:03:05 +0200
-
cacti (1.1.37+ds1-1) unstable; urgency=medium
* New upstream release 1.1.37
* CVE-2018-10059: (XSS) the get_current_page function in
lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
$_SERVER['SCRIPT_NAME'] to determine a page name
* CVE-2018-10060: (XSS) does not properly reject unintended characters,
related to use of the sanitize_uri function in lib/functions.php
* CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
ENT_QUOTES flag
-- Paul Gevers <email address hidden> Thu, 12 Apr 2018 17:43:13 +0200
-
cacti (1.1.36+ds1-1) unstable; urgency=medium
* New upstream release 1.1.36
- Refresh patches
-- Paul Gevers <email address hidden> Wed, 28 Feb 2018 16:22:50 +0100
-
cacti (1.1.35+ds1-1) unstable; urgency=medium
* New upstream version 1.1.35
* [tests] Fix for nofollow directive that prevented recursive crawl
(Closes: #889893)
* [tests] Prevent cron job from running
* Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
from upstream
-- Paul Gevers <email address hidden> Tue, 13 Feb 2018 19:26:14 +0100
-
cacti (1.1.34+ds1-1) unstable; urgency=medium
* New upstream version 1.1.34
- Includes updates for php7.2 (Closes: #889181)
-- Paul Gevers <email address hidden> Tue, 06 Feb 2018 22:31:34 +0100
-
cacti (1.1.31+ds1-1ubuntu2) bionic; urgency=medium
* d/t/check-all-pages: correct message string.
-- Nishanth Aravamudan <email address hidden> Mon, 05 Feb 2018 16:19:36 -0800
-
cacti (1.1.31+ds1-1ubuntu1) bionic; urgency=medium
* debian/patches/php72_count_bc_changes.patch: PHP7.2 has deprecated
count() of non-Countable objects.
* debian/patches/update-cactisql.patch: Update cacti.sql for
readstring to community change.
* debian/tests/check-all-pages: add a new expected error message.
-- Nishanth Aravamudan <email address hidden> Fri, 02 Feb 2018 08:21:41 -0800
-
cacti (1.1.31+ds1-1) unstable; urgency=medium
* New upstream version 1.1.31
* Update autopkgtest for new output since 1.1.29
-- Paul Gevers <email address hidden> Wed, 17 Jan 2018 18:50:00 +0100
-
cacti (1.1.30+ds1-1) unstable; urgency=medium
* New upstream version 1.1.30
-- Paul Gevers <email address hidden> Fri, 05 Jan 2018 20:30:47 +0100
-
cacti (1.1.29+ds1-1) unstable; urgency=medium
* New upstream version 1.1.29
* Refresh documentation tarball
* Drop php-mysqlnd from alternative list of dependencies, it doesn't
exist
* Use dh-linktree embed-weakdep option to prevent strong dependencies
(requires dh-linktree 0.5)
-- Paul Gevers <email address hidden> Wed, 27 Dec 2017 20:57:21 +0100
-
cacti (1.1.28+ds1-3) unstable; urgency=medium
* Rebuild against new version of libjs-jquery-colorpicker (Closes:
#884756)
-- Paul Gevers <email address hidden> Thu, 21 Dec 2017 21:16:13 +0100
-
cacti (1.1.28+ds1-2) unstable; urgency=medium
* Add remove-global-mysql-command.patch (Closes: #882356)
-- Paul Gevers <email address hidden> Fri, 24 Nov 2017 11:07:11 +0100
-
cacti (1.1.28+ds1-1) unstable; urgency=medium
* New upstream version 1.1.28
- Drop applied patches
* [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest
servers are often too slow
-- Paul Gevers <email address hidden> Sun, 19 Nov 2017 21:34:10 +0100
-
cacti (1.1.27+ds1-3) unstable; urgency=medium
* CVE-2017-16641: remote authenticated administrators can execute
arbitrary OS commands via the path_rrdtool parameter in an action=save
request to settings.php (Closes: #881110)
* CVE-2017-16660: remote authenticated administrators can conduct Remote
Code Execution attacks by placing the Log Path under the web root, and
then making a remote_agent.php request containing PHP code in a
Client-ip header
* CVE-2017-16661: remote authenticated administrators can read arbitrary
files accessible by the web-server user by placing the Log Path into a
private directory, and then making a clog.php?filename= request
* CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
(reintroduction of CVE-2017-15194)
* Bump standards to 4.1.1
* Set Priority to optional
-- Paul Gevers <email address hidden> Tue, 14 Nov 2017 20:14:34 +0100
-
cacti (1.1.27+ds1-2) unstable; urgency=medium
* Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
because they likely reintroduced part of CVE-2017-15194. Thanks to
autopkgtest
-- Paul Gevers <email address hidden> Fri, 27 Oct 2017 14:41:48 +0200
-
cacti (1.1.18+ds1-1) unstable; urgency=medium
* New upstream version 1.1.18
- Drop patches from upstream and refresh the others
* Bump standards version to 4.0.1 (no changes)
* Stop installing csrf/LICENSE file (thanks lintian)
-- Paul Gevers <email address hidden> Sat, 19 Aug 2017 18:46:41 +0200