Ubuntu
cacti package

Change logs for cacti source package in Wily

  1. Wily (15.10)
  2. Change log 
  • cacti (0.8.8f+ds1-2) unstable; urgency=medium

  * Update loadavg_multi_locale_friendly.patch (Closes: #793401)
  * Add missing manual.css (Closes: #783416)
  * Fix d/rules override_dh_*configure target (Wasn't ever run,
    althought that wasn't too bad until now)

 -- Paul Gevers <email address hidden>  Mon, 03 Aug 2015 19:58:53 +0200
  • cacti (0.8.8f+ds1-1) unstable; urgency=medium

  * New upstream release fixing some regressions in 0.8.8e

 -- Paul Gevers <email address hidden>  Tue, 21 Jul 2015 21:59:40 +0200
  • cacti (0.8.8e+ds1-1) unstable; urgency=high

  * Imported Upstream version 0.8.8e
    - CVE-2015-4634 multiple SQL Injection vulnerabilities
  * Add new jquery scripts to Files-Exculded
  * Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 15 Jul 2015 19:47:00 +0200
  • cacti (0.8.8d+ds1-1) unstable; urgency=high

  * Upload to unstable
  * New upstream release
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
  * Remove Sean from the list of uploaders. Thanks for all the fish
    (Closes: #773436)
  * Fix d/p/07_cli-include-path.patch (LP: #1433665)
  * Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
    upstream fix
  * Include the virtual alternative for the recommends on mysql-server
    (Closes: #781982)
  * Upstream dropped unused javascripts, remove them from d/copyright
  * Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c

 -- Paul Gevers <email address hidden>  Mon, 22 Jun 2015 19:59:13 +0200
  • cacti (0.8.8b+dfsg-8) unstable; urgency=high


  * CVE-2014-5261
    Unsufficient input sanitation leads to shell command injection
    possibilities
  * CVE-2014-5262
    Incomplete and incorrect input parsing leads to SQL injection attack
    scenarios
  * Fix for CVE-2014-5043 was incomplete, improve patch
  * Change CVE-2014-4002 patch to include upstream updated commits

 -- Paul Gevers <email address hidden>  Mon, 18 Aug 2014 19:57:43 +0200