another update, the security release for cacti has been delayed due to complications backporting the security fix into the version in woody, which is a major release (and rewrite) behind the versions in sarge and sid.
joey from the security team provided an initial attempt at backporting the backport to woody, but unfortunately it was not sufficient to completely address the vulnerability. it also did not include fixes for the second set of vulnerabilities released by the hardened-php project. having spent more time hacking on it than i'd have liked, i've now produced a new version of the backport, which i believe should address all of the relevant security issues. it can be found at the following uris: deb http://people.debian.org/~seanius/cacti/woody ./ deb-src http://people.debian.org/~seanius/cacti/woody ./ all this said, i think it should be strongly emphasized that upstream is no longer supporting the woody version of cacti and does not provide updates for it, and users should be advised to upgrade to at least the version in sarge ASAP. i'm also not convinced that there aren't other security issues in the woody version, but can at least feel reasonably comfortable that of the recently published vulnerabilities woody's cacti should be okay with this new revision. joey, mike, et al: is there anything else you need from me? thanks, sean --
signature.asc
Description: Digital signature