Change logs for cacti source package in Bionic

  • cacti (1.1.38+ds1-1) unstable; urgency=medium
    
      * New upstream release 1.1.38
      * [tests] Remove mysql-server test as it isn't available in testing
    
     -- Paul Gevers <email address hidden>  Wed, 18 Apr 2018 12:03:05 +0200
  • cacti (1.1.37+ds1-1) unstable; urgency=medium
    
      * New upstream release 1.1.37
      * CVE-2018-10059: (XSS) the get_current_page function in
        lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
        $_SERVER['SCRIPT_NAME'] to determine a page name
      * CVE-2018-10060: (XSS) does not properly reject unintended characters,
        related to use of the sanitize_uri function in lib/functions.php
      * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
        ENT_QUOTES flag
    
     -- Paul Gevers <email address hidden>  Thu, 12 Apr 2018 17:43:13 +0200
  • cacti (1.1.36+ds1-1) unstable; urgency=medium
    
      * New upstream release 1.1.36
        - Refresh patches
    
     -- Paul Gevers <email address hidden>  Wed, 28 Feb 2018 16:22:50 +0100
  • cacti (1.1.35+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.35
      * [tests] Fix for nofollow directive that prevented recursive crawl
        (Closes: #889893)
      * [tests] Prevent cron job from running
      * Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
        from upstream
    
     -- Paul Gevers <email address hidden>  Tue, 13 Feb 2018 19:26:14 +0100
  • cacti (1.1.34+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.34
        - Includes updates for php7.2 (Closes: #889181)
    
     -- Paul Gevers <email address hidden>  Tue, 06 Feb 2018 22:31:34 +0100
  • cacti (1.1.31+ds1-1ubuntu2) bionic; urgency=medium
    
      * d/t/check-all-pages: correct message string.
    
     -- Nishanth Aravamudan <email address hidden>  Mon, 05 Feb 2018 16:19:36 -0800
  • cacti (1.1.31+ds1-1ubuntu1) bionic; urgency=medium
    
      * debian/patches/php72_count_bc_changes.patch: PHP7.2 has deprecated
        count() of non-Countable objects.
      * debian/patches/update-cactisql.patch: Update cacti.sql for
        readstring to community change.
      * debian/tests/check-all-pages: add a new expected error message.
    
     -- Nishanth Aravamudan <email address hidden>  Fri, 02 Feb 2018 08:21:41 -0800
  • cacti (1.1.31+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.31
      * Update autopkgtest for new output since 1.1.29
    
     -- Paul Gevers <email address hidden>  Wed, 17 Jan 2018 18:50:00 +0100
  • cacti (1.1.30+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.30
    
     -- Paul Gevers <email address hidden>  Fri, 05 Jan 2018 20:30:47 +0100
  • cacti (1.1.29+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.29
      * Refresh documentation tarball
      * Drop php-mysqlnd from alternative list of dependencies, it doesn't
        exist
      * Use dh-linktree embed-weakdep option to prevent strong dependencies
        (requires dh-linktree 0.5)
    
     -- Paul Gevers <email address hidden>  Wed, 27 Dec 2017 20:57:21 +0100
  • cacti (1.1.28+ds1-3) unstable; urgency=medium
    
      * Rebuild against new version of libjs-jquery-colorpicker (Closes:
        #884756)
    
     -- Paul Gevers <email address hidden>  Thu, 21 Dec 2017 21:16:13 +0100
  • cacti (1.1.28+ds1-2) unstable; urgency=medium
    
      * Add remove-global-mysql-command.patch (Closes: #882356)
    
     -- Paul Gevers <email address hidden>  Fri, 24 Nov 2017 11:07:11 +0100
  • cacti (1.1.28+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.28
        - Drop applied patches
      * [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest
        servers are often too slow
    
     -- Paul Gevers <email address hidden>  Sun, 19 Nov 2017 21:34:10 +0100
  • cacti (1.1.27+ds1-3) unstable; urgency=medium
    
      * CVE-2017-16641: remote authenticated administrators can execute
        arbitrary OS commands via the path_rrdtool parameter in an action=save
        request to settings.php (Closes: #881110)
      * CVE-2017-16660: remote authenticated administrators can conduct Remote
        Code Execution attacks by placing the Log Path under the web root, and
        then making a remote_agent.php request containing PHP code in a
        Client-ip header
      * CVE-2017-16661: remote authenticated administrators can read arbitrary
        files accessible by the web-server user by placing the Log Path into a
        private directory, and then making a clog.php?filename= request
      * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
        (reintroduction of CVE-2017-15194)
      * Bump standards to 4.1.1
      * Set Priority to optional
    
     -- Paul Gevers <email address hidden>  Tue, 14 Nov 2017 20:14:34 +0100
  • cacti (1.1.27+ds1-2) unstable; urgency=medium
    
      * Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
        because they likely reintroduced part of CVE-2017-15194. Thanks to
        autopkgtest
    
     -- Paul Gevers <email address hidden>  Fri, 27 Oct 2017 14:41:48 +0200
  • cacti (1.1.18+ds1-1) unstable; urgency=medium
    
      * New upstream version 1.1.18
        - Drop patches from upstream and refresh the others
      * Bump standards version to 4.0.1 (no changes)
      * Stop installing csrf/LICENSE file (thanks lintian)
    
     -- Paul Gevers <email address hidden>  Sat, 19 Aug 2017 18:46:41 +0200