-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cacti Version : 0.8.7g-1+squeeze7 CVE ID : CVE-2015-4634 Debian Bug : NA
Several SQL injection vulnerabilities were discovered in cacti, a frontend to rrdtool for monitoring systems and service: CVE-2015-4634 SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in graphs.php Currently unknown or unassigned CVE's SQL injection vulnerability in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands in cdef.php, color.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php, graph_templates.php, graph_templates_items.php, graphs_items.php, host.php, host_templates.php, lib/functions.php, rra.php, tree.php and user_admin.php For the oldoldstable distribution (squeeze), these problems have been fixed in version 0.8.7g-1+squeeze7. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJVrSoHAAoJEJxcmesFvXUK6X0H/Au9XtqDqgWa3jeCVwDo62ZU dxDJCyPgA/7vEA2sS36waEB/9QZvpUYYJXAWnmqm8UxQVFdLxZBsxqlTsmUkfsSo cnsa3KdiJAutAgUAFkYSZ8oSXzzlK5uDb7tROgd2kwPVN/BXLjs6U1LzHbWmdeO8 eYCU5jofkcbXPwyxpTEBtpTeT2DFl+Gv7Ldv9OjSEBb2c2C9FOyWj21Kva9YuQwF Sgd8ajUnGvhO3XFINGLDxkdWBu0ZIleNjVeHrxICylfhp/23vwPbgaQCNAsIVBoK 5xVvZk+OUPC9fRjEON2qMn6SxDqhI8fZYgrLMDUI2jSrdxTXGBm3tIATYDwWrT4= =4u8y -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
