Change log for cacti package in Debian

Published in buster-release on 2019-03-10
Published in sid-release on 2019-02-27
cacti (1.2.2+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.2
  * tests: add one more exception for Ubuntu (Closes: #922437)
  * Depend on fonts-fork-awesome instead of fonts-font-awesome (Closes:
    #922779)
  * Fix typo in debian.php.dist (Closes: #922651)

 -- Paul Gevers <email address hidden>  Tue, 26 Feb 2019 21:48:07 +0100

Superseded in buster-release on 2019-03-10
Superseded in sid-release on 2019-02-28
cacti (1.2.1+ds1-2) unstable; urgency=medium

  * tests: add some items back that are seen on Ubuntu's setup
  * Migrate from libjs-chartjs to libjs-chart.js due to bug #922288

 -- Paul Gevers <email address hidden>  Thu, 14 Feb 2019 10:19:02 +0100
Superseded in buster-release on 2019-02-25
Superseded in sid-release on 2019-02-14
cacti (1.2.1+ds1-1) unstable; urgency=medium

  * New upstream release 1.2.1
    - spikekiller is now a class (Closes: #916814)
  * Upload to unstable
  * Bump dependency on libphp-phpmailer
  * Bump Standards (no changes)
  * Declare R³: binary-targets (Thanks lintian)

 -- Paul Gevers <email address hidden>  Sun, 27 Jan 2019 21:22:59 +0100

Superseded in buster-release on 2019-02-02
Superseded in sid-release on 2019-01-29
cacti (1.1.38+ds1-2) unstable; urgency=medium

  * [tests] Adapt for MariaDB 10.3 which triggers a new message in the
    log that doesn't seem to result in different output otherwise
  * [tests] Add mysql-server test back but with
    skip-not-installable. Debian has mariadb-server as
    default-mysql-server so we definitely want to test that. Ubuntu has
    mysql-server, so we also want to test that, but that isn't in
    testing. (Closes: #903238)

 -- Paul Gevers <email address hidden>  Thu, 27 Dec 2018 20:33:59 +0100
Deleted in experimental-release (Reason: None provided.)
cacti (1.2.0~beta4+ds1-1) experimental; urgency=medium

  * New upstream release 1.2.0-beta4
  * Refresh patches
  * Disable internal log rotation by default as Debian uses its own log
    rotate mechanism by default

 -- Paul Gevers <email address hidden>  Sun, 02 Dec 2018 20:51:32 +0100
Superseded in experimental-release on 2018-12-03
cacti (1.2.0~beta2+ds1-1) experimental; urgency=medium

  * New upstream release 1.2.0-beta1
  * CVE-2009-4112: remote authenticated administrators can gain
    privileges; circumvented via optional whitelisting (Closes: #561339)
  * Refresh patches
  * Drop most of
    enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch
  * Bump Standards to 4.2.1
  * Bump debhelper compat level
  * [tests] Add mysql-server test back but with
    skip-not-installable. Debian has mariadb-server as
    default-mysql-server so we definitely want to test that. Ubuntu has
    mysql-server, so we also want to test that, but that isn't in
    testing. (Closes: #903238)
  * Drop recursive chown from postinst (thanks lintian)
  * Add perl-path.patch to make sh-bang in perl scripts compliant with
    policy (thanks lintian)
  * Add font-awesome-path.patch as the path to the css is slightly
    different in the system version
  * Add fix-update-for-beta-versions.patch to ensure updating works
  * Adapt documentation building as upstream reworked it completely

 -- Paul Gevers <email address hidden>  Sun, 28 Oct 2018 16:00:51 +0100
Superseded in buster-release on 2018-12-30
Superseded in sid-release on 2018-12-28
cacti (1.1.38+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.38
  * [tests] Remove mysql-server test as it isn't available in testing

 -- Paul Gevers <email address hidden>  Wed, 18 Apr 2018 12:03:05 +0200
Superseded in buster-release on 2018-04-23
Superseded in sid-release on 2018-04-18
cacti (1.1.37+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.37
  * CVE-2018-10059: (XSS) the get_current_page function in
    lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
    $_SERVER['SCRIPT_NAME'] to determine a page name
  * CVE-2018-10060: (XSS) does not properly reject unintended characters,
    related to use of the sanitize_uri function in lib/functions.php
  * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
    ENT_QUOTES flag

 -- Paul Gevers <email address hidden>  Thu, 12 Apr 2018 17:43:13 +0200

Superseded in buster-release on 2018-04-18
Superseded in sid-release on 2018-04-12
cacti (1.1.36+ds1-1) unstable; urgency=medium

  * New upstream release 1.1.36
    - Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 28 Feb 2018 16:22:50 +0100

Superseded in buster-release on 2018-03-06
Superseded in sid-release on 2018-02-28
cacti (1.1.35+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.35
  * [tests] Fix for nofollow directive that prevented recursive crawl
    (Closes: #889893)
  * [tests] Prevent cron job from running
  * Add 0001-issue-1336-Fix-issue-with-config-not-being-defined-1.patch
    from upstream

 -- Paul Gevers <email address hidden>  Tue, 13 Feb 2018 19:26:14 +0100
Superseded in buster-release on 2018-02-19
Superseded in sid-release on 2018-02-14
cacti (1.1.34+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.34
    - Includes updates for php7.2 (Closes: #889181)

 -- Paul Gevers <email address hidden>  Tue, 06 Feb 2018 22:31:34 +0100
Superseded in buster-release on 2018-02-12
Superseded in sid-release on 2018-02-07
cacti (1.1.31+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.31
  * Update autopkgtest for new output since 1.1.29

 -- Paul Gevers <email address hidden>  Wed, 17 Jan 2018 18:50:00 +0100

Superseded in buster-release on 2018-01-23
Superseded in sid-release on 2018-01-18
cacti (1.1.30+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.30

 -- Paul Gevers <email address hidden>  Fri, 05 Jan 2018 20:30:47 +0100

Superseded in buster-release on 2018-01-11
Superseded in sid-release on 2018-01-06
cacti (1.1.29+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.29
  * Refresh documentation tar ball
  * Drop php-mysqlnd from alternative list of dependencies, it doesn't
    exist
  * Use dh-linktree embed-weakdep option to prevent strong dependencies
    (requires dh-linktree 0.5)

 -- Paul Gevers <email address hidden>  Wed, 27 Dec 2017 20:57:21 +0100

Superseded in buster-release on 2018-01-02
Superseded in sid-release on 2017-12-28
cacti (1.1.28+ds1-3) unstable; urgency=medium

  * Rebuild against new version of libjs-jquery-colorpicker (Closes:
    #884756)

 -- Paul Gevers <email address hidden>  Thu, 21 Dec 2017 21:16:13 +0100

Superseded in buster-release on 2017-12-27
Superseded in sid-release on 2017-12-22
cacti (1.1.28+ds1-2) unstable; urgency=medium

  * Add remove-global-mysql-command.patch (Closes: #882356)

 -- Paul Gevers <email address hidden>  Fri, 24 Nov 2017 11:07:11 +0100
Superseded in sid-release on 2017-11-24
cacti (1.1.28+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.28
    - Drop applied patches
  * [tests] Allow time out to happen in the logs as Ubuntu's autopkgtest
    servers are often too slow

 -- Paul Gevers <email address hidden>  Sun, 19 Nov 2017 21:34:10 +0100

Superseded in buster-release on 2017-11-29
Superseded in sid-release on 2017-11-21
cacti (1.1.27+ds1-3) unstable; urgency=medium

  * CVE-2017-16641: remote authenticated administrators can execute
    arbitrary os commands via the path_rrdtool parameter in an action=save
    request to settings.php (Closes: #881110)
  * CVE-2017-16660: remote authenticated administrators can conduct Remote
    Code Execution attacks by placing the Log Path under the web root, and
    then making a remote_agent.php request containing PHP code in a
    Client-ip header
  * CVE-2017-16661: remote authenticated administrators can read arbitrary
    files accessible by the web-server user by placing the Log Path into a
    private directory, and then making a clog.php?filename= request
  * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
    (reintroduction of CVE-2017-15194)
  * Bump standards to 4.1.1
  * Set Priority to optional

 -- Paul Gevers <email address hidden>  Tue, 14 Nov 2017 20:14:34 +0100

Superseded in buster-release on 2017-11-20
Superseded in sid-release on 2017-11-15
cacti (1.1.27+ds1-2) unstable; urgency=medium

  * Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
    because they likely reintroduced part of CVE-2017-15194. Thanks to
    autopkgtest

 -- Paul Gevers <email address hidden>  Fri, 27 Oct 2017 14:41:48 +0200

Superseded in sid-release on 2017-10-27
cacti (1.1.27+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.27
   - Drop CVE-2017-15194.patch again
  * [tests] Add new note to list of exceptions to fix failure

 -- Paul Gevers <email address hidden>  Mon, 23 Oct 2017 20:52:49 +0200
Superseded in buster-release on 2017-11-01
Superseded in sid-release on 2017-10-24
cacti (1.1.25+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.25
  * Improve the override_dh_fixperms target as some files were
    unintentionally missed and thus make cacti reproducible again
  * CVE-2017-15194: XSS in global_session.php
    - Add CVE-2017-15194.patch (Closes: #878304)
    - Add check to autopkgtest

 -- Paul Gevers <email address hidden>  Fri, 13 Oct 2017 21:09:04 +0200
Superseded in buster-release on 2017-10-19
Superseded in sid-release on 2017-10-14
cacti (1.1.21+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.21
  * Bump standards version to 4.1.0 (no changes)

 -- Paul Gevers <email address hidden>  Fri, 08 Sep 2017 14:48:59 +0200
Superseded in buster-release on 2017-09-13
Superseded in sid-release on 2017-09-08
cacti (1.1.18+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.18
    - Drop patches from upstream and refresh the others
  * Bump standards version to 4.0.1 (no changes)
  * Stop installing csrf/LICENSE file (thanks lintian)

 -- Paul Gevers <email address hidden>  Sat, 19 Aug 2017 18:46:41 +0200

Superseded in sid-release on 2017-08-20
cacti (1.1.17+ds1-2) unstable; urgency=medium

  * CVE-2017-12927 XSS vulnerability in spikekill.php (Closes: #872478)
  * [tests] fix grep expression to unblock Ubuntu
  * [tests] Add improve-boost-logging-on-fresh-installs.patch and don't
    filter on the fixed messages
  * Fix typo in previous changelog message

 -- Paul Gevers <email address hidden>  Fri, 18 Aug 2017 21:15:23 +0200
Superseded in sid-release on 2017-08-19
cacti (1.1.17+ds1-1) unstable; urgency=medium

  * New upstream version 1.1.17
  * Make the autopkgtest stricter now upstream reduced the noise

 -- Paul Gevers <email address hidden>  Wed, 16 Aug 2017 14:04:31 +0200

Superseded in buster-release on 2017-08-25
Superseded in sid-release on 2017-08-16
cacti (1.1.16+ds1-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2017-12065 spikekill.php might allow remote attackers to
      execute arbitrary code via the avgnan, outlier-start, or outlier-end
      parameter (Closes: #870353)
    - Fixes CVE-2017-12066 Cross-site scripting (XSS) vulnerability in
      aggregate_graphs.php (Closes: #870354)

 -- Paul Gevers <email address hidden>  Thu, 03 Aug 2017 09:38:54 -0400

Superseded in buster-release on 2017-08-09
Superseded in sid-release on 2017-08-03
cacti (1.1.15+ds1-1) unstable; urgency=medium

  * New upstream release
    - Fixes CVE-2017-11691 Cross-site scripting (XSS) vulnerability in
      auth_profile.php (Closes: #869848)
  * Lower the Depends on dbc to include ~ to ease backports

 -- Paul Gevers <email address hidden>  Thu, 27 Jul 2017 10:40:05 -0400

Superseded in buster-release on 2017-08-02
Superseded in sid-release on 2017-07-27
cacti (1.1.13+ds1-1) unstable; urgency=medium

  * New upstream release
  * Update documentation from upstream

 -- Paul Gevers <email address hidden>  Fri, 14 Jul 2017 20:37:39 +0200

Superseded in buster-release on 2017-07-20
Superseded in sid-release on 2017-07-14
cacti (1.1.12+ds1-1) unstable; urgency=medium

  * New upstream release
  * CVE-2017-10970 XSS vulnerability via link.php fixed (Closes: #867532)
  * Add version to jquery-tablesorter
  * Make sure that autopkgtests at least run again

 -- Paul Gevers <email address hidden>  Fri, 07 Jul 2017 21:07:43 +0200
Superseded in sid-release on 2017-07-08
cacti (1.1.10+ds1-6) unstable; urgency=medium

  * Fix upgrade script to find the upgrade functions in the Debian file
    layout (Closes: #866773) Thanks to ISHIKAWA Mutsumi
  * Add upgrade code for grant on mysql.time_zone_name
  * Bump version of dbconfig-common to ensure we have the fix for postinst
    code working

 -- Paul Gevers <email address hidden>  Tue, 04 Jul 2017 07:16:45 +0200

Superseded in sid-release on 2017-07-05
cacti (1.1.10+ds1-5) unstable; urgency=medium

  * Fix piuparts issue where the scripts are changed due to loading the
    template files in the postinst script. See upstream bug #810. (Closes:
    #866140)

 -- Paul Gevers <email address hidden>  Tue, 27 Jun 2017 21:41:26 +0200

Superseded in sid-release on 2017-06-29
cacti (1.1.10+ds1-4) unstable; urgency=medium

  * Upload to unstable
  * Bump standards version to 4.0.0 (no changes)

 -- Paul Gevers <email address hidden>  Tue, 20 Jun 2017 21:45:13 +0200

Deleted in experimental-release (Reason: None provided.)
cacti (1.1.10+ds1-3) experimental; urgency=medium

  * Add texlive-formats-extra to the BD to get /usr/bin/pdfjadetex on the
    path ($HOME didn't solve it)

 -- Paul Gevers <email address hidden>  Fri, 16 Jun 2017 17:35:31 +0200
Superseded in experimental-release on 2017-06-16
cacti (1.1.10+ds1-2) experimental; urgency=medium

  * Define $HOME in d/rules to (hopefully) prevent FTBFS (which is
    unfortunately unreproducible in any of the setups I tested)

 -- Paul Gevers <email address hidden>  Thu, 15 Jun 2017 20:04:06 +0200
Superseded in experimental-release on 2017-06-15
cacti (1.1.10+ds1-1) experimental; urgency=medium

  * New upstream release
  * Upstream uses a newer jquery-tablesorter than in Debian so some links
    are not working (newer version is waiting in NEW) and once available
    should be used as minimal required version
  * Add cacti-spine and snmpd to suggests
  * Use soft-links for site/log and site/rra instead of patches
  * Add missing depends (php-gd, php-json, php-ldap)
  * Debian dropped suhosin long time ago, so stop patching for it
  * Add select grant on mysql.time_zone_name
  * Add default templates during install (got dropped upstream since
    1.0.0)
  * Add some paths to cacti settings during install to accommodate for the
    by-pass of cacti/install web-page.
  * Add note about time zones and the suggested manual action in NEWS and
    README

 -- Paul Gevers <email address hidden>  Tue, 13 Jun 2017 06:47:18 +0200
Published in stretch-release on 2017-05-11
Superseded in sid-release on 2017-06-21
cacti (0.8.8h+ds1-10) unstable; urgency=medium

  * Fix upgrades from before 0.8.8h+ds1-8; that version started to ship
    symlinks to directories in libjs-jquery-jstree without making sure
    dpkg handled that properly during upgrades (Closes: #861858)

 -- Paul Gevers <email address hidden>  Fri, 05 May 2017 13:55:33 +0200

Superseded in experimental-release on 2017-06-16
cacti (1.1.5+ds1-2) experimental; urgency=medium

  * Upload with fix from 0.8.8h+ds1-10:
    Fix upgrades from before 0.8.8h+ds1-8; that version started to ship
    symlinks to directories in libjs-jquery-jstree without making sure
    dpkg handled that properly during upgrades (Closes: #861858)

 -- Paul Gevers <email address hidden>  Fri, 05 May 2017 21:23:09 +0200
Superseded in experimental-release on 2017-05-05
cacti (1.1.5+ds1-1) experimental; urgency=medium

  * New upstream release
  * Generate translations from source
  * Bump compat level to 10
  * Build documentation from source (requires second tar ball generated
    from upstream git)
  * Generate jQueryUI datepicker links instead of hardcoding them
  * Don't install *.po files, they aren't used
  * Add lintian overrides for script-non-executable to avoid carrying a
    patch forever, while they shouldn't need to be executable in Debian
  * Don't install useless examples (outside of doc tree even)
  * Handle the new paper-plane theme as the other themes
  * Clean up d/TODO a bit

 -- Paul Gevers <email address hidden>  Wed, 03 May 2017 20:47:08 +0200
Superseded in experimental-release on 2017-05-04
cacti (1.1.3+ds1-1) experimental; urgency=medium

  * New upstream release
    - Drop loads of obsoleted patches
    - Refresh or rework remaining patches
  * Strip loads of embedded javascript projects and build and/or depend on
    the proper Debian package
  * Drop dependency on libadodb as upstream moved away from it
  * Prepare to build documentation
  * Add patches to move adaptations in the embedded jquery-ui css file to
    the cacti main.css file as upstream intends to support that
  * Update d/TODO as not everything is done as I want it

 -- Paul Gevers <email address hidden>  Mon, 17 Apr 2017 19:50:52 +0200
Superseded in stretch-release on 2017-05-11
Superseded in sid-release on 2017-05-06
cacti (0.8.8h+ds1-9) unstable; urgency=medium

  * Add enable_faster_polling_than_cron.patch to replace the use of the
    deprecated split() function (Closes: #860271)

 -- Paul Gevers <email address hidden>  Thu, 13 Apr 2017 22:05:30 +0200
Superseded in stretch-release on 2017-04-19
Superseded in sid-release on 2017-04-14
cacti (0.8.8h+ds1-8) unstable; urgency=medium

  * Depend on libjs-jquery-jstree instead of using embedded version
  * Replace use_debian_javascript_packages.patch with links to the Debian
    packages instead (more transparent)
  * Add fix_export_for_debian_packages.patch to avoid export failure

 -- Paul Gevers <email address hidden>  Wed, 14 Dec 2016 21:20:24 +0100

Superseded in sid-release on 2016-12-15
cacti (0.8.8h+ds1-7) unstable; urgency=medium

  * Previous upload was screwed up. Doing it better this time I hope.

 -- Paul Gevers <email address hidden>  Sat, 10 Dec 2016 07:47:07 +0100
Superseded in sid-release on 2016-12-10
cacti (0.8.8h+ds1-6) unstable; urgency=medium

  * Fix links for path change in libjs-jquery-ui-theme-ui-lightness,
    hopefully bug #846515 will not get fixed

 -- Paul Gevers <email address hidden>  Wed, 07 Dec 2016 21:44:51 +0100
Published in jessie-release on 2016-09-17
cacti (0.8.8b+dfsg-8+deb8u6) jessie-proposed-updates; urgency=medium

  [ Emilio Pozuelo Monfort ]
  * CVE-2016-2313-guest-auth.patch:
    + Fix regression in the fix for CVE-2016-2313 that broke guest user
      logins. Thanks to Matus Uhlar for the report.

 -- Paul Gevers <email address hidden>  Sun, 04 Sep 2016 21:37:36 +0200
Superseded in stretch-release on 2016-12-25
Superseded in sid-release on 2016-12-09
cacti (0.8.8h+ds1-5) unstable; urgency=medium

  [ Emilio Pozuelo Monfort ]
  * CVE-2016-2313-guest-auth.patch:
    + Fix regression in the fix for CVE-2016-2313 that broke guest user
      logins. Thanks to Matus Uhlar for the report. (Closes: #833420)

  [ Paul Gevers ]
  * Recommend default-mysql-server instead of MariaDB and MySQL

 -- Paul Gevers <email address hidden>  Mon, 05 Sep 2016 21:10:12 +0200

Superseded in stretch-release on 2016-09-11
Superseded in sid-release on 2016-09-06
cacti (0.8.8h+ds1-4) unstable; urgency=medium

  * Improve autopkgtest situation and avoid failure when it is not needed

 -- Paul Gevers <email address hidden>  Thu, 16 Jun 2016 22:11:20 +0200
Superseded in sid-release on 2016-06-17
cacti (0.8.8h+ds1-3) unstable; urgency=medium

  * Save more log files during autopkgtesting
  * Add check on errors during testing (Closes: #825644)
  * Add javascript-common to Depends to ensure jquery is usable

 -- Paul Gevers <email address hidden>  Fri, 10 Jun 2016 20:20:04 +0200

Superseded in stretch-release on 2016-06-23
Superseded in sid-release on 2016-06-12
cacti (0.8.8h+ds1-2) unstable; urgency=medium

  * Update make_cacti_sql_mode-strict_compatible.patch to also drop
    ONLY_FULL_GROUP_BY (Follow-up for LP: #1578144)
  * Lower versioned dependency on libphp-adodb to be Ubuntu compatible

 -- Paul Gevers <email address hidden>  Thu, 02 Jun 2016 22:06:59 +0200
Superseded in stretch-release on 2016-06-08
Superseded in sid-release on 2016-06-03
cacti (0.8.8h+ds1-1) unstable; urgency=medium

  * New upstream release
    - CVE-2016-3659 SQL Injection Vulnerability in graph_view.php (Closes:
      #820521)
  * Drop obsolete patches (applied upstream)
  * Update tests to depend on javascript-common
  * Don't test lighttpd for now
  * Drop jquery.js from the source (wasn't used anyways in Debian), so no
    need to document it in d/copyright
  * Add make_cacti_sql_mode-strict_compatible.patch to enable cacti to
    work with the default settings of MySQL 5.7 (LP: #1578144)

 -- Paul Gevers <email address hidden>  Sat, 14 May 2016 22:26:35 +0200
Superseded in stretch-release on 2016-05-22
Superseded in sid-release on 2016-05-17
cacti (0.8.8g+ds1-3) unstable; urgency=medium

  * Bump standards (no changes)
  * Fix noninteractive install failure
  * Reorder test Depends in the hope that MySQL|MariaDB-server get setup
    before cacti
  * Refresh all patches
  * Take over patch 11_1571432_mysqli.patch from Ubuntu (although not
    really needed anymore) to fix mysqli extension in the install script
    (LP: #1571432)

 -- Paul Gevers <email address hidden>  Fri, 29 Apr 2016 14:08:05 +0200
Superseded in stretch-release on 2016-05-05
Superseded in sid-release on 2016-04-29
cacti (0.8.8g+ds1-2) unstable; urgency=medium

  [ Paul Gevers ]
  * Next upstream version, strip include/js/jquery.js from source
  * Make sure the web-interface doesn't ask unnecessary questions after
    install (Closes: #783447)
  * Use the MySQL connection password as initial password for the admin
    user (Closes: #783446) and mention this in the NEWS.Debian file
  * Improve fix for CVE-2016-2313 such that it doesn't cause a regression
    for setups that rely on http authentication of users unknown to cacti.
    - Add improve_fix_for_CVE-2016-2313.patch
  * Full update of README.Debian
  * CVE-2016-3172
    - Add CVE-2016-3172_sql-injection-in-tree.php.patch (Closes: #818647)
  * Update Brazilian Portuguese, thanks to Diego Neves (Closes: #816962)
  * Drop old code in postinst to (re)move old configuration files this is
    already fixed in jessie
  * Bump version for libphp-adodb as mysqli doesn't work otherwise
  * Add new php-xml & php-mbstring to Depends for php7.0
  * Add add_rrdtool-1.5_to_utilities.php.patch to prevent error in
    utilities.php with rrdtool version 1.5
  * Remove Mahyuddin from uploaders (thanks for the fish)

  [ Nishanth Aravamudan ]
  * Update to PHP7.0 dependencies (LP: #1544352)
  * Default to mysqli driver for database connection, as the mysql driver
    has been removed in PHP7.0 (LP: #1544352) (Closes: #815987)

 -- Paul Gevers <email address hidden>  Sun, 17 Apr 2016 19:55:43 +0200
Published in wheezy-release on 2016-04-02
cacti (0.8.8a+dfsg-5+deb7u8) wheezy-security; urgency=high

  * CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
  * CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php

 -- Paul Gevers <email address hidden>  Tue, 23 Feb 2016 21:41:22 +0100
Superseded in jessie-release on 2016-09-17
cacti (0.8.8b+dfsg-8+deb8u4) jessie-security; urgency=high

  * CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
  * CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php

 -- Paul Gevers <email address hidden>  Tue, 23 Feb 2016 21:30:13 +0100
Superseded in stretch-release on 2016-04-23
Superseded in sid-release on 2016-04-18
cacti (0.8.8g+ds1-1) unstable; urgency=medium

  * New upstream release
    - CVE-2016-2313 (closes: #814353)
    - Drop included patches
  * Update d/copyright with new years
  * Enable installation on MariaDB by forcing the collation to latin1
  * Add mariadb-server to list of recommends
  * Update Vcs-* fields to https

 -- Paul Gevers <email address hidden>  Fri, 26 Feb 2016 13:50:34 +0100
Superseded in jessie-release on 2016-04-02
cacti (0.8.8b+dfsg-8+deb8u3) jessie-security; urgency=high

  * Add upstream patch to fix (Closes: #807599)
    - CVE-2015-8369 SQL Injection vulnerability in graph.php

 -- Paul Gevers <email address hidden>  Sat, 12 Dec 2015 21:08:55 +0100
Superseded in stretch-release on 2016-03-03
Superseded in sid-release on 2016-02-27
cacti (0.8.8f+ds1-4) unstable; urgency=medium

  * CVE-2015-8377: Fix SQL Injection vulnerability in graphs_new.php
  * CVE-2015-8604: Fix SQL Injection vulnerability in graphs_new.php
  * Depend on dbconfig-mysql or dbconfig-no-thanks instead of
    dbconfig-common and mysql-client
  * Bump compat level to 9
  * Drop useless CFLAGS declaration in d/rules
  * Drop cacti.sql_drop_tables_to_begin.patch as dbconfig-common now does
    that.
  * Add dependency on libjs-jquery now that version is high enough and
    update use_debian_javascript_packages.patch to use it.

 -- Paul Gevers <email address hidden>  Sat, 09 Jan 2016 13:16:04 +0100

Superseded in stretch-release on 2016-01-16
Superseded in sid-release on 2016-01-10
cacti (0.8.8f+ds1-3) unstable; urgency=high

  * Add upstream patch to fix
    - CVE-2015-8369 SQL Injection vulnerability in graph.php

 -- Paul Gevers <email address hidden>  Sat, 12 Dec 2015 14:03:40 +0100

Superseded in wheezy-release on 2016-04-02
cacti (0.8.8a+dfsg-5+deb7u6) wheezy-security; urgency=high

  * Security update
    - CVE-2015-4634 SQL injection in graphs.php
    - Multiple other SQL injection vulnerabilities

 -- Paul Gevers <email address hidden>  Sun, 19 Jul 2015 21:57:27 +0200
Superseded in jessie-release on 2016-01-23
cacti (0.8.8b+dfsg-8+deb8u2) jessie-security; urgency=high

  * Security update
    - CVE-2015-4634 SQL injection in graphs.php
    - Multiple other SQL injection vulnerabilities

 -- Paul Gevers <email address hidden>  Sun, 19 Jul 2015 21:57:27 +0200
Superseded in stretch-release on 2015-12-15
Superseded in sid-release on 2015-12-12
cacti (0.8.8f+ds1-2) unstable; urgency=medium

  * Update loadavg_multi_locale_friendly.patch (Closes: #793401)
  * Add missing manual.css (Closes: #783416)
  * Fix d/rules override_dh_*configure target (Wasn't ever run,
    although that wasn't too bad until now)

 -- Paul Gevers <email address hidden>  Mon, 03 Aug 2015 19:58:53 +0200

Superseded in stretch-release on 2015-08-09
Superseded in sid-release on 2015-08-03
cacti (0.8.8f+ds1-1) unstable; urgency=medium

  * New upstream release fixing some regressions in 0.8.8e

 -- Paul Gevers <email address hidden>  Tue, 21 Jul 2015 21:59:40 +0200

Superseded in stretch-release on 2015-07-27
Superseded in sid-release on 2015-07-22
cacti (0.8.8e+ds1-1) unstable; urgency=high

  * Imported Upstream version 0.8.8e
    - CVE-2015-4634 multiple SQL Injection vulnerabilities
  * Add new jquery scripts to Files-Excluded
  * Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 15 Jul 2015 19:47:00 +0200

Superseded in stretch-release on 2015-07-18
Superseded in sid-release on 2015-07-15
cacti (0.8.8d+ds1-1) unstable; urgency=high

  * Upload to unstable
  * New upstream release
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
  * Remove Sean from the list of uploaders. Thanks for all the fish
    (Closes: #773436)
  * Fix d/p/07_cli-include-path.patch (LP: #1433665)
  * Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
    upstream fix
  * Include the virtual alternative for the recommends on mysql-server
    (Closes: #781982)
  * Upstream dropped unused javascripts, remove them from d/copyright
  * Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c

 -- Paul Gevers <email address hidden>  Mon, 22 Jun 2015 19:59:13 +0200

Deleted in experimental-release (Reason: None provided.)
cacti (0.8.8c+ds1-1) experimental; urgency=medium


  * New upstream release
  * Strip several parts from the upstream source
    - convenience copies (javascript and adodb) that have a corresponding
      package in Debian
    - other unused javascript files (some lacking source)
    - font files without source
  * Drop patches now applied upstream
  * Upstream now has a DFSG treeview, drop Debian patches
  * Drop recommends on jquery (too old for this treeview, use
    convenience copy in source)
  * Add patch to use system versions of javascripts
  * Update d/copyright
  * Update standards to 3.9.6 (no changes)
  * Update d/watch, d/rules and d/copyright to download and strip source

 -- Paul Gevers <email address hidden>  Mon, 08 Dec 2014 21:28:05 +0100
Superseded in wheezy-release on 2015-09-05
cacti (0.8.8a+dfsg-5+deb7u4) wheezy-security; urgency=high


  * Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
    was unusable (Closes: #755032)
  * Security update
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-5261 Remote Code Execution
    - CVE-2014-5262 SQL injection

 -- Paul Gevers <email address hidden>  Mon, 18 Aug 2014 20:29:12 +0200
Superseded in stretch-release on 2015-06-25
Superseded in jessie-release on 2015-09-05
Superseded in sid-release on 2015-06-22
cacti (0.8.8b+dfsg-8) unstable; urgency=high


  * CVE-2014-5261
    Insufficient input sanitation leads to shell command injection
    possibilities
  * CVE-2014-5262
    Incomplete and incorrect input parsing leads to SQL injection attack
    scenarios
  * Fix for CVE-2014-5043 was incomplete, improve patch
  * Change CVE-2014-4002 patch to include upstream updated commits

 -- Paul Gevers <email address hidden>  Mon, 18 Aug 2014 19:57:43 +0200

Superseded in jessie-release on 2014-08-21
Superseded in sid-release on 2014-08-18
cacti (0.8.8b+dfsg-7) unstable; urgency=medium


  * Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
    was unusable (Closes: #755032)
  * Security update
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Thu, 24 Jul 2014 21:56:48 +0200

Superseded in wheezy-release on 2014-10-18
cacti (0.8.8a+dfsg-5+deb7u3) wheezy-security; urgency=high


  * Security upload (Closes: #742768, #743565, #752573)
    - CVE-2014-2326 Cross-site scripting (XSS) vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
    - CVE-2014-2708 SQL injection
    - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Thu, 26 Jun 2014 21:01:50 +0200
Superseded in jessie-release on 2014-07-30
Superseded in sid-release on 2014-07-25
cacti (0.8.8b+dfsg-6) unstable; urgency=high


  * Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
  * Security update (Closes: #742768, #752573)
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Wed, 25 Jun 2014 22:33:53 +0200

Superseded in jessie-release on 2014-06-28
Superseded in sid-release on 2014-06-26
cacti (0.8.8b+dfsg-5) unstable; urgency=high


  * Fix postinst for lighttpd setups which fail on update due to
    lighty-enable-mod exiting with non-zero if config is already loaded
    (Closes: 743727)

 -- Paul Gevers <email address hidden>  Sun, 06 Apr 2014 19:59:12 +0200

Superseded in sid-release on 2014-04-06
cacti (0.8.8b+dfsg-4) unstable; urgency=high


  * Security update (Closes: 743565)
    - CVE-2014-2326 Cross-site scripting (XSS) vulnerability
    - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
    - CVE-2014-2708 SQL injection
    - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
  * Bump standards (no changes needed)
  * Fix VCS-Browser field
  * Fix license paragraph of jstree (Thanks lintian)

 -- Paul Gevers <email address hidden>  Sat, 05 Apr 2014 13:03:22 +0200
Published in squeeze-release on 2013-10-19
cacti (0.8.7g-1+squeeze3) squeeze-security; urgency=high


  * Security upload
  * Fix Cross site scripting in host.php and install/index.php (upstream
    bug 2383) CVE-2013-5588
  * Fix SQL injection in host.php (upstream bug 2383)
    CVE-2013-5589

 -- Paul Gevers <email address hidden>  Wed, 28 Aug 2013 20:52:20 +0200
Superseded in wheezy-release on 2014-07-12
cacti (0.8.8a+dfsg-5+deb7u2) wheezy-security; urgency=high


  * Security upload
  * Fix Cross site scripting in host.php and install/index.php (upstream
    bug 2383) CVE-2013-5588
  * Fix SQL injection in host.php (upstream bug 2383)
    CVE-2013-5589

 -- Paul Gevers <email address hidden>  Wed, 28 Aug 2013 21:12:50 +0200
Superseded in jessie-release on 2014-04-09
Superseded in sid-release on 2014-04-05
cacti (0.8.8b+dfsg-3) unstable; urgency=low


  * Fix Cross site scripting (upstream bug 2383)
    CVE-2013-5588
  * Fix SQL injection in host.php (upstream bug 2383)
    CVE-2013-5589
  * Fix upgrade script in cli directory for latest releases
  * Automatically upgrade database during package update (prevents upstream
    bug 2377)
  * The code to enable lighttpd configuration from LP: #1132415 was broken

 -- Paul Gevers <email address hidden>  Tue, 27 Aug 2013 20:43:21 +0200

Superseded in jessie-release on 2013-09-07
Superseded in sid-release on 2013-08-28
cacti (0.8.8b+dfsg-2) unstable; urgency=low


  * CVE-2013-1435 fix caused a regression in the handling of empty COMMENT
    lines in the rrd legend. Fixed by upstream:
    fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
  * Update jquery stylesheet to provide the cacti background color

 -- Paul Gevers <email address hidden>  Fri, 09 Aug 2013 22:34:26 +0200
