Ubuntu
cacti package

import_template contains the wrong path

Bug #1433665 reported by Chris E
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cacti (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

When using import_template from the command line, the following error is reported:

PHP Fatal error: Call to undefined function import_xml_data() in /usr/share/cacti/cli/import_template.php on line 100

This is fixable with the following change to the import_template.php file:

-include_once("../site/lib/import.php");
+include_once(dirname(__FILE__)."/../site/lib/import.php");

This is a previous bug that has apparently re-surfaced.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cacti 0.8.8b+dfsg-5 [modified: usr/share/cacti/cli/import_template.php]
ProcVersionSignature: Ubuntu 3.13.0-46.79-generic 3.13.11-ckt15
Uname: Linux 3.13.0-46-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.7
Architecture: amd64
Date: Wed Mar 18 15:33:59 2015
PackageArchitecture: all
SourcePackage: cacti
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

lp:debian/cacti
Revision history for this message
Chris E (cbz) wrote :
Revision history for this message
Paul Gevers (paul-climbing) wrote : Re: [Bug 1433665] [NEW] import_template contains the wrong path

Thanks for reporting this issue.
On 18-03-15 16:36, Chris E wrote:
> This is a previous bug that has apparently re-surfaced.

Would you be able to give me a link to the report (or bug number) as
that helps tracking why it resurfaced.

Paul

Revision history for this message
Chris E (cbz) wrote :

This bug was the previous bug:

https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/933454

Revision history for this message
Paul Gevers (paul-climbing) wrote : Re: [Bug 1433665] Re: import_template contains the wrong path

On 18-03-15 20:52, Chris E wrote:
> This bug was the previous bug:
>
> https://bugs.launchpad.net/ubuntu/+source/cacti/+bug/933454

To be honest, I don't believe anymore that this was ever fixed if you
now say it is broken. It just looked like that, because the specific
line was changed in a debian patch.

Thanks for the report.

Paul

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cacti - 0.8.8d+ds1-1

---------------
cacti (0.8.8d+ds1-1) unstable; urgency=high

  * Upload to unstable
  * New upstream release
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
  * Remove Sean from the list of uploaders. Thanks for all the fish
    (Closes: #773436)
  * Fix d/p/07_cli-include-path.patch (LP: #1433665)
  * Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
    upstream fix
  * Include the virtual alternative for the recommends on mysql-server
    (Closes: #781982)
  * Upstream dropped unused javascripts, remove them from d/copyright
  * Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c

 -- Paul Gevers <email address hidden> Mon, 22 Jun 2015 19:59:13 +0200

Changed in cacti (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.