Thank you for reporting this bug and helping to make Ubuntu better. The
package referred to in this bug is in universe or multiverse and
reported against a release of Ubuntu (hardy) which no longer receives
updates outside of the explicitly supported LTS packages. While the bug
against hardy is
This bug was fixed in the package cacti - 0.8.7e-2ubuntu0.1
---
cacti (0.8.7e-2ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Fix SQL injection vulnerability in templates_export.php
(LP: #599892)
- debian/patches/CVE-2010-1431.patch: patch derived from upstream
Copied to lucid-security, too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
--
ubuntu-bugs mailing list
Unsubscribing ubuntu-security-sponsors. Please resubscribe if providing
another debdiff for review.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032,
I tested this package pretty thoroughly before submitting the debdiff.
I installed it, added graphs, and verified that all the scripts that
were modified could be used successfully.
I'm sure you want a second pair of eyes on it though.
--
You received this bug notification because you are a
** Tags added: verification-done
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
** Changed in: cacti (Ubuntu Lucid)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and
** Branch linked: lp:ubuntu/lucid-proposed/cacti
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
--
ubuntu-bugs
Pocket copied cacti to proposed. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you in advance!
** Tags added: verification-needed
** Tags removed: security-verification
--
You received this bug
To ubuntu-sru: if this passes the verification process, please also
pocket copy to security. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032,
ACK for lucid, though I updated the version to be -2ubuntu0.1 instead of
-2.1, following the versioning guide at
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
I'll upload this to security-proposed shortly. Thanks!
** Tags added: security-verification
** Changed in: cacti (Ubuntu Lucid)
** Changed in: cacti (Ubuntu)
Status: New = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
--
** Changed in: cacti (Ubuntu Lucid)
Status: Incomplete = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
--
** Patch removed: Lucid debdiff
https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/599892/+attachment/1805141/+files/cacti_0.8.7e-2.1.debdiff
** Patch added: Updated Lucid debdiff
Sorry about that major oversight. The lucid debdiff should be complete
now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and
Jaunty is EOL.
** Changed in: cacti (Ubuntu Jaunty)
Status: Incomplete = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/599892
Title:
[Security] cacti - CVE-2009-4032,
Thanks for the debdiff Brian.
There seems to be parts missing from the 2010-254* patch...AFAICT, the
upstream commits are:
http://svn.cacti.net/viewvc?view=revrevision=6025
http://svn.cacti.net/viewvc?view=revrevision=6037
http://svn.cacti.net/viewvc?view=revrevision=6038
2009-4032 - Already patched
2009-4112 - Affected but of low importance; upstream has not provided a patch
2010-1431 - Patched
2010-1644 - Patched
2010-1645 - Patched
2010-2092 - Patched
2010-2543,2544,2545 - Patched
** Patch added: Lucid debdiff
CVE-2009-4032, CVE-2010-1644, CVE-2010-1645, CVE-2010-2543,
CVE-2010-2544, and CVE-2010-2545 are all fixed in 0.8.7g-1.
** Changed in: cacti (Ubuntu Maverick)
Assignee: Brian Thomason (brian-thomason) = Jamie Strandboge (jdstrand)
** Changed in: cacti (Ubuntu Maverick)
Status:
I am going to close the maverick task since I created a sync request for
it in https://bugs.edge.launchpad.net/ubuntu/+source/cacti/+bug/646909.
** Changed in: cacti (Ubuntu Maverick)
Status: Confirmed = Invalid
** Changed in: cacti (Ubuntu Maverick)
Assignee: Jamie Strandboge
** Tags added: jaunty karmic lucid maverick
--
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
https://bugs.launchpad.net/bugs/599892
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
Unsubscribing ubuntu-security-sponsors since the debdiff is incomplete.
** Changed in: cacti (Ubuntu Lucid)
Status: Confirmed = Incomplete
** Changed in: cacti (Ubuntu Lucid)
Assignee: (unassigned) = Brian Thomason (brian-thomason)
** Changed in: cacti (Ubuntu Hardy)
Status:
Please resubscribe ubuntu-security-sponsors and set the status to 'NEW'
when the changes are complete. Thanks!
--
[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
https://bugs.launchpad.net/bugs/599892
You received this bug notification because you are a member of Ubuntu
Bugs,
Maverick is affected by CVE-2009-4032 for sure, and CVE-2009-4112 needs
to be investigated.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4112
** Changed in: cacti (Ubuntu Maverick)
Status: Confirmed = Incomplete
--
[Security] cacti - CVE-2009-4032,
There are more security issues in cacti that need fixing:
cacti 0.8.7g fixes CVE-2010-2543, CVE-2010-2544, CVE-2010-2545
cacti 0.8.7f fixes CVE-2010-1644, CVE-2010-1645, CVE-2010-2092, CVE-2010-1431
** Visibility changed to: Public
** Changed in: cacti (Ubuntu)
Status: New = Confirmed
25 matches
Mail list logo
