Ubuntu
cacti package

Change logs for cacti source package in Focal

  1. Focal (20.04)
  2. Change log 
  • cacti (1.2.10+ds1-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - General installing instructions update for NO_AUTO_CREATE_USER.
      (refreshed when merging with debian 1.2.9+ds1-1)
    - Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
      (refreshed when merging with debian 1.2.9+ds1-1)
    - d/p/fix-32bit-ip-conversion.patch: fix netmask generation on 32bit
      architectures (LP #1865067)
  * d/p/0001-PHP-7.4-Array-and-string-offset-access-syntax-with-c.patch
    - Fix deprecated curly bracket style syntax

 -- Bryce Harrington <email address hidden>  Mon, 23 Mar 2020 22:08:43 +0000
  • cacti (1.2.9+ds1-1ubuntu2) focal; urgency=medium

  * d/p/fix-32bit-ip-conversion.patch: fix netmask generation on 32bit
    architectures (LP: #1865067)

 -- Andreas Hasenack <email address hidden>  Mon, 02 Mar 2020 14:52:15 -0300
  • cacti (1.2.9+ds1-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable (LP: #1863739). Remaining changes:
    - General installing instructions update for NO_AUTO_CREATE_USER.
    - Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
  * Dropped changes [upstream]:
    - MySQL 8 change needs: NO_AUTO_CREATE_USER and grouping keyword.
  * Dropped changes [debian]:
    - Replace php-php-gettext dependency in order to fix translations
      (LP #1844070)

cacti (1.2.9+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php,
    color_templates_item.php, graphs.php, graph_items.php,
    lib/api_automation.php, user_admin.php, and user_group_admin.php, as
    demonstrated by the description parameter in data_sources.php (Closes:
    #949997)

cacti (1.2.8+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializating data, ensure basic sanitization
    has been performed (Closes: #947375)

cacti (1.2.7+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.7+ds1
    CVE-2019-16723 Security issue allows to view all graphs (Closes:
    #941036)
  * Refresh and drop patches to match upstream

cacti (1.2.6+ds1-3) unstable; urgency=medium

  * Add 0001-Resolving-Issue-2984.patch to fix CI error

cacti (1.2.6+ds1-2) unstable; urgency=medium

  [ Paul Gevers]
  * Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
    upstream
  * Apache skipped the php section in apache.conf since PHP 7 (Closes:
    #934898)
  * Translations were broken since 1.2.4+ds1-1. Import upstream solution
    enabling the use of php-phpmyadmin-motranslator.

  [ Rafael David Tinoco ]
  * Prepare sql commands for MySQL 8 (See: #933683)

 -- Rafael David Tinoco <email address hidden>  Tue, 18 Feb 2020 13:28:26 +0000
  • cacti (1.2.4+ds1-2ubuntu3) eoan; urgency=medium

  * Replace php-php-gettext dependency in order to fix translations
    (LP: #1844070)

 -- Graham Inggs <email address hidden>  Thu, 19 Sep 2019 10:30:52 +0000