-
cacti (0.8.8f+ds1-2) unstable; urgency=medium
* Update loadavg_multi_locale_friendly.patch (Closes: #793401)
* Add missing manual.css (Closes: #783416)
* Fix d/rules override_dh_*configure target (Wasn't ever run,
althought that wasn't too bad until now)
-- Paul Gevers <email address hidden> Mon, 03 Aug 2015 19:58:53 +0200
-
cacti (0.8.8f+ds1-1) unstable; urgency=medium
* New upstream release fixing some regressions in 0.8.8e
-- Paul Gevers <email address hidden> Tue, 21 Jul 2015 21:59:40 +0200
-
cacti (0.8.8e+ds1-1) unstable; urgency=high
* Imported Upstream version 0.8.8e
- CVE-2015-4634 multiple SQL Injection vulnerabilities
* Add new jquery scripts to Files-Exculded
* Refresh patches
-- Paul Gevers <email address hidden> Wed, 15 Jul 2015 19:47:00 +0200
-
cacti (0.8.8d+ds1-1) unstable; urgency=high
* Upload to unstable
* New upstream release
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
(Closes: #773436)
* Fix d/p/07_cli-include-path.patch (LP: #1433665)
* Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
upstream fix
* Include the virtual alternative for the recommends on mysql-server
(Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c
-- Paul Gevers <email address hidden> Mon, 22 Jun 2015 19:59:13 +0200
-
cacti (0.8.8b+dfsg-8) unstable; urgency=high
* CVE-2014-5261
Unsufficient input sanitation leads to shell command injection
possibilities
* CVE-2014-5262
Incomplete and incorrect input parsing leads to SQL injection attack
scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits
-- Paul Gevers <email address hidden> Mon, 18 Aug 2014 19:57:43 +0200