Ubuntu
cacti package

Change logs for cacti source package in Utopic

  1. Utopic (14.10)
  2. Change log 
  • cacti (0.8.8b+dfsg-8+deb8u1build0.14.10.1) utopic-security; urgency=medium

  * fake sync from Debian (LP: #1210822)

cacti (0.8.8b+dfsg-8+deb8u1) jessie-security; urgency=high

  * Security update
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540

 -- Steve Beattie <email address hidden>  Tue, 30 Jun 2015 10:23:46 -0700
  • cacti (0.8.8b+dfsg-8) unstable; urgency=high


  * CVE-2014-5261
    Unsufficient input sanitation leads to shell command injection
    possibilities
  * CVE-2014-5262
    Incomplete and incorrect input parsing leads to SQL injection attack
    scenarios
  * Fix for CVE-2014-5043 was incomplete, improve patch
  * Change CVE-2014-4002 patch to include upstream updated commits

 -- Paul Gevers <email address hidden>  Mon, 18 Aug 2014 19:57:43 +0200
  • cacti (0.8.8b+dfsg-7) unstable; urgency=medium


  * Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
    was unusable (Closes: #755032)
  * Security update
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Thu, 24 Jul 2014 21:56:48 +0200
  • cacti (0.8.8b+dfsg-6) unstable; urgency=high


  * Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
  * Security update (Closes: #742768, #752573)
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Wed, 25 Jun 2014 22:33:53 +0200
  • cacti (0.8.8b+dfsg-5) unstable; urgency=high


  * Fix postinst for lighttpd setups which fail on update due to
    lighty-enable-mod exiting with non-zero if config is already loaded
    (Closes: 743727)

 -- Paul Gevers <email address hidden>  Sun, 06 Apr 2014 19:59:12 +0200