-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Jun 2015 19:59:13 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.8d+ds1-1
Distribution: unstable
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-ma...@lists.alioth.debian.org>
Changed-By: Paul Gevers <elb...@debian.org>
Description:
cacti - web interface for graphing of monitoring systems
Closes: 773436 781982
Changes:
cacti (0.8.8d+ds1-1) unstable; urgency=high
.
* Upload to unstable
* New upstream release
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
(Closes: #773436)
* Fix d/p/07_cli-include-path.patch (LP: #1433665)
* Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
upstream fix
* Include the virtual alternative for the recommends on mysql-server
(Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c
Checksums-Sha1:
743203308ba9f8d5f1feee61029578133d95f0b3 1591 cacti_0.8.8d+ds1-1.dsc
e54690a07a4810f775ac97d2c0c0c64d4442c7e9 2242259 cacti_0.8.8d+ds1.orig.tar.gz
dc1023dd34c713cbb83c5f3a463c759f6a1275a9 45188 cacti_0.8.8d+ds1-1.debian.tar.xz
631880095a02e96e05bdb13363605163d461c7dc 1990230 cacti_0.8.8d+ds1-1_all.deb
Checksums-Sha256:
8c5b76a35cd2c4f525cc3fd2b16a7f7a9c7b4fb889f3fcc5503e17606da27907 1591
cacti_0.8.8d+ds1-1.dsc
f3a958e3e813d5e47bd14feb90d101a518469a563ea01a8b1e2918349b1770c0 2242259
cacti_0.8.8d+ds1.orig.tar.gz
c6c19aff5a2adf0764577fadfa3a9cccd67703a4cfcd44d7d8cb2119321f6e25 45188
cacti_0.8.8d+ds1-1.debian.tar.xz
077eecd87fecad8bc77bb03e9284a51d31c40408da3a4c2e618453816c8517d8 1990230
cacti_0.8.8d+ds1-1_all.deb
Files:
5415eb417c2d3ea59e6e2f5e1af64a36 1591 web extra cacti_0.8.8d+ds1-1.dsc
c118d6ee3287a2e37f57c1c67daba601 2242259 web extra cacti_0.8.8d+ds1.orig.tar.gz
40623c8fdb2b93cf226aeadd58aa7891 45188 web extra
cacti_0.8.8d+ds1-1.debian.tar.xz
c13bf46c6e6a7b8773852203d1a4a465 1990230 web extra cacti_0.8.8d+ds1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJViE+1AAoJEJxcmesFvXUKWoAIALycu8arVrd4bOE87G1fM7P3
aK/n7l/tTk5Rw/C+sWQjrT/9LAl4NWR1ZoAQv/qJcU8FbKlBQ5uXSii1dsKHIGB0
1q5VPvJ7ia/U+e4tO0letT5PaAWhit37QpQw2oMfWeLlS3S1y/NG6W+cOVwkWNfr
fjt8Nb39121aPbVSgpMLuexhMitgOJRXTmgFsDdL9ZwrDvB7vhVwc7NelFEq4wrO
NbMi+DVbxWN7cGU08IUh1+87AhW5ZTdWXtbqz9ZuUBcBD2S0yeSh5u4kf4ME3LlW
pyryNCh4GMUaoEqSp7aRdENR9FiP5W6+oJ4KvB1z2I+zFv0dsytXI/0EcUoQUn4=
=/++t
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1z76j1-0004q4...@franck.debian.org
