Change log for cacti package in Ubuntu

Obsolete in vivid-updates
Obsolete in vivid-security
cacti (0.8.8b+dfsg-8+deb8u3build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
cacti (0.8.8f+ds1-3) unstable; urgency=high

  * Add upstream patch to fix
    - CVE-2015-8369 SQL Injection vulnerability in graph.php

 -- Paul Gevers <email address hidden>  Sat, 12 Dec 2015 14:03:40 +0100

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
cacti (0.8.8f+ds1-2) unstable; urgency=medium

  * Update loadavg_multi_locale_friendly.patch (Closes: #793401)
  * Add missing manual.css (Closes: #783416)
  * Fix d/rules override_dh_*configure target (Wasn't ever run,
    although that wasn't too bad until now)

 -- Paul Gevers <email address hidden>  Mon, 03 Aug 2015 19:58:53 +0200

Superseded in vivid-updates
Superseded in vivid-security
cacti (0.8.8b+dfsg-8+deb8u2build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
cacti (0.8.8f+ds1-1) unstable; urgency=medium

  * New upstream release fixing some regressions in 0.8.8e

 -- Paul Gevers <email address hidden>  Tue, 21 Jul 2015 21:59:40 +0200

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
cacti (0.8.8e+ds1-1) unstable; urgency=high

  * Imported Upstream version 0.8.8e
    - CVE-2015-4634 multiple SQL Injection vulnerabilities
  * Add new jquery scripts to Files-Excluded
  * Refresh patches

 -- Paul Gevers <email address hidden>  Wed, 15 Jul 2015 19:47:00 +0200

Superseded in trusty-updates
Superseded in trusty-security
cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium

  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Insufficient input sanitization leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Sat, 27 Jun 2015 14:25:12 +0200
Superseded in vivid-updates
Superseded in vivid-security
cacti (0.8.8b+dfsg-8+deb8u1build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian (LP: #1210822)

Obsolete in utopic-updates
Obsolete in utopic-security
cacti (0.8.8b+dfsg-8+deb8u1build0.14.10.1) utopic-security; urgency=medium

  * fake sync from Debian (LP: #1210822)

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
cacti (0.8.8d+ds1-1) unstable; urgency=high

  * Upload to unstable
  * New upstream release
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
  * Remove Sean from the list of uploaders. Thanks for all the fish
    (Closes: #773436)
  * Fix d/p/07_cli-include-path.patch (LP: #1433665)
  * Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
    upstream fix
  * Include the virtual alternative for the recommends on mysql-server
    (Closes: #781982)
  * Upstream dropped unused javascripts, remove them from d/copyright
  * Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c

 -- Paul Gevers <email address hidden>  Mon, 22 Jun 2015 19:59:13 +0200

Superseded in wily-release
Obsolete in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-8) unstable; urgency=high


  * CVE-2014-5261
    Insufficient input sanitization leads to shell command injection
    possibilities
  * CVE-2014-5262
    Incomplete and incorrect input parsing leads to SQL injection attack
    scenarios
  * Fix for CVE-2014-5043 was incomplete, improve patch
  * Change CVE-2014-4002 patch to include upstream updated commits

 -- Paul Gevers <email address hidden>  Mon, 18 Aug 2014 19:57:43 +0200

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-7) unstable; urgency=medium


  * Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
    was unusable (Closes: #755032)
  * Security update
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Thu, 24 Jul 2014 21:56:48 +0200

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-6) unstable; urgency=high


  * Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
  * Security update (Closes: #742768, #752573)
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Wed, 25 Jun 2014 22:33:53 +0200

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-5) unstable; urgency=high


  * Fix postinst for lighttpd setups which fail on update due to
    lighty-enable-mod exiting with non-zero if config is already loaded
    (Closes: 743727)

 -- Paul Gevers <email address hidden>  Sun, 06 Apr 2014 19:59:12 +0200

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-3) unstable; urgency=low


  * Fix Cross site scripting (upstream bug 2383)
    CVE-2013-5588
  * Fix SQL injection in host.php (upstream bug 2383)
    CVE-2013-5589
  * Fix upgrade script in cli directory for latest releases
  * Automatically upgrade database during package update (prevents upstream
    bug 2377)
  * The code to enable lighttpd configuration from LP: #1132415 was broken

 -- Paul Gevers <email address hidden>  Tue, 27 Aug 2013 20:43:21 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
cacti (0.8.8b+dfsg-2) unstable; urgency=low


  * CVE-2013-1435 fix caused a regression in the handling of empty COMMENT
    lines in the rrd legend. Fixed by upstream:
    fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
  * Update jquery stylesheet to provide the cacti background color

 -- Paul Gevers <email address hidden>  Fri, 09 Aug 2013 22:34:26 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-7) unstable; urgency=low


  * Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
  * Update use_jquery_for_debian.patch to not load jquery-cookie if it is
    not installed on the system (Closes: #708001)

 -- Paul Gevers <email address hidden>  Sat, 18 May 2013 12:14:02 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-6) unstable; urgency=low


  * Improve maintenance scripts
    - Prepare cacti configuration for Apache2.4 according to
      http://wiki.debian.org/Apache/PackagingFor24
    - Improve cacti.config to fix dpkg-reconfigure behavior for httpd's.
    - Restart lighttpd if needed (LP: #1132415)
    - Remove obsolete (Sarge) preinst code
  * Fix the lighttpd config template for absolute path (see LP: #1132415)
  * Lintian triggered improvements:
    - Update watch file for +dfsg in the version
    - Add dependency on mysql-client (next to virtual-mysql-client)
  * Bug fixes:
    - Add patch loadavg_multi_locale_friendly.patch to allow uptime script to
      work independent of the local locale (Closes: #704057)
    - Add patch fix_php_strict_warning_in_ping.patch to fix php 5.4 warnings
      (Closes: #694159)
    - Add patch poller_cache_rebuild_on_install.patch to start filling the
      auto-generated graphs upon installation (Upstream: 2229)
  * Move configuration files away from /usr/share/doc/cacti (policy 12.3)
  * Remove obsolete RM-Upload-Allowed from d/control
  * Revisited README.Debian

 -- Paul Gevers <email address hidden>  Sun, 05 May 2013 16:41:13 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-5) unstable; urgency=low


  * Update debian/NEWS.Debian to explain the recommended packages for the tree,
    which seem to be not installed by default upon upgrade, and make sure it is
    actually installed.

 -- Paul Gevers <email address hidden>  Thu, 11 Apr 2013 19:57:35 +0200

Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-4) unstable; urgency=low


  * Improve jquery tree patch to show trees multilevel (Closes: #702690)

 -- Paul Gevers <email address hidden>  Mon, 01 Apr 2013 08:03:11 +0200

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-3) unstable; urgency=low


  * Fixed typo in recommends libjs-jquery* i.s.o. libjs-query (Closes: #700999)

 -- Paul Gevers <email address hidden>  Tue, 19 Feb 2013 20:33:20 +0100

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-2) unstable; urgency=low


  * Upload to unstable after acknowledge by the RT, see #694850.

 -- Paul Gevers <email address hidden>  Tue, 29 Jan 2013 20:41:05 +0100

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
cacti (0.8.8a+dfsg-1) experimental; urgency=low


  * Removed non-dfsg-free treeview code from the upstream source (Closes:
    #679980)
  * Add jquery.jstree.js and four jstree theme files to the package to replace
    the treeview functionality
  * Update d/copyright to reflect above changes
  * Add patches to use the jstree code
    - replace_treeview_by_jquery.jstree.patch
    - use_jquery_for_debian.patch
  * Add libjs-jquery and libjs-jquery-cookie to recommends as they are needed by
    jstree.
  * Remove the logic to install plugins in /usr/local/share/cacti/plugins as the
    implementation of chdir in php resolves symlinks (Closes: #681558).
    - Update README.Debian and add NEWS.Debian and README.Plugins
    - Update d/cacti.links and d/cacti.install
  * Update my e-mail address to <email address hidden>

 -- Paul Gevers <email address hidden>  Mon, 10 Dec 2012 22:48:48 +0100

Obsolete in lucid-updates
Deleted in lucid-proposed (Reason: moved to -updates)
cacti (0.8.7e-2ubuntu0.3) lucid-proposed; urgency=low

  * Fix regression in the CVE-2010-1645 update on error handling:
    "PHP Fatal error: Cannot use string offset as an array in
     /usr/share/cacti/site/lib/data_query.php on line 183" (LP: #914746)
    - debian/patches/LP914746_regression_lucid_string_offset_in_data_query.patch
 -- Paul Gevers <email address hidden>   Wed, 18 Jul 2012 13:55:19 -0700
Superseded in raring-release
Obsolete in quantal-release
cacti (0.8.8a-3) unstable; urgency=low


  * Update postrm with new debconf answers (Closes: #673764)

 -- Paul Gevers <email address hidden>  Mon, 21 May 2012 20:22:18 +0200

Superseded in quantal-release
cacti (0.8.8a-2) unstable; urgency=low


  * Use ts to timestamp poller errors in cron when available and add moreutils
    to suggests.
  * Add suhosin.memory_limit to cron and poller (Closes: #566609)
  * Add dependency on ${perl:Depends} as the dependency on perl was missing
  * Use a template based on config.php for debian.php creation to include
    non-database options and get rid of 01_config.php.patch by creating link
    to debian.php instead. Update two dependent patches.
  * Add different sub folders to local resource in d/dirs
  * Add cacti.sql_ensure_cron_works.patch to prevent failure of crontab after
    install as the paths to rrdtool and php are not set.
  * Add cacti.sql_drop_tables_to_begin.patch patch to work around bug 665742
    where dbconfig-common does not drop the tables during reconfigure so we have
    to do it on population of the database to prevent errors.
  * Update d/copyright to include proper license info for jscalendar and
    treeview (this last one needs action). Also update Cacti's license as it
    has been GPL-2+ all along.
  * Readded debconf question option for lighttpd lost in commit 98fed9b while
    preventing the need to call for new translations. Use lower-case apache2 and
    lighttpd as package names at the same time.
  * Update 08_563955_local_data_id.patch with upstream bug number
  * Improve rra removal on purge (one higher level directory) in postrm

 -- Paul Gevers <email address hidden>  Sat, 19 May 2012 07:56:04 +0200
Superseded in quantal-release
Published in precise-release
cacti (0.8.7i-2ubuntu1) precise; urgency=low

  * debian/patches/01_config.php.patch: Backports from Debian git repos to
    fix while upgrading because /etc/cacti/debian.php has been rewritten.
    (Closes: #654352)
  * debian/control:
    - Move apache2 to Recommends to allow cacti to run with other webservers,
      and fcgi stuff to Depends. (LP: #544828)
    - Remove absolute packages: apache, apache-ssl, apache-perl
 -- Mahyuddin Susanto <email address hidden>   Thu, 19 Jan 2012 15:25:27 +0700
Superseded in precise-release
cacti (0.8.7i-2) unstable; urgency=low


  * Cherry-pick upstream patches
    - debian/patches/10_settings_checkbox.patch
  * debian/patches/05_no-adodb.patch: Updates, add semicolon at line 190.
    (Closes: #653863)
  * Updated last changelog to mention security bug.

 -- Mahyuddin Susanto <email address hidden>  Mon, 02 Jan 2012 14:11:15 +0700

Obsolete in natty-updates
Obsolete in natty-security
cacti (0.8.7g-1ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773)
    - debian/patches/CVE-2011-4824.patch: patch derived from upstream.
    - CVE-2011-4824
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 15:52:09 +0700
Obsolete in maverick-updates
Obsolete in maverick-security
cacti (0.8.7g-1ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773)
    - debian/patches/CVE-2011-4824.patch: patch derived from upstream.
    - CVE-2011-4824
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 15:46:56 +0700
Superseded in lucid-updates
Obsolete in lucid-security
cacti (0.8.7e-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773)
    - debian/patches/CVE-2011-4824.patch: patch derived from upstream.
    - CVE-2011-4824
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 22:39:36 +0700
Obsolete in oneiric-updates
Obsolete in oneiric-security
cacti (0.8.7g-2.1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: FIX SQL injection in auth_login.php (LP: #906773)
    - debian/patches/CVE-2011-4824.patch: patch derived from upstream.
    - CVE-2011-4824
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 16:01:16 +0700
Superseded in precise-release
Obsolete in oneiric-release
cacti (0.8.7g-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - French (Christian Perrier).  Closes: #614903
    - German (Chris Leick).  Closes: #619663
    - Russian (Yuri Kozlov).  Closes: #623795
    - Indonesian (Mahyuddin Susanto).  Closes: #623886
    - Japanese (Hideki Yamane).  Closes: #624821
    - Danish (Joe Hansen).  Closes: #625482
    - Dutch; (Luk Claes).  Closes: #625529
    - Spanish; (Francisco Javier Cuadrado).  Closes: #627032
    - Swedish (Martin Bagge / brother).  Closes: #628928
    - Czech (Miroslav Kure).  Closes: #631596
    - Basque (Ander Goñi).  Closes: #631900
    - Portuguese (Rui Branco).  Closes: #631982

 -- Christian Perrier <email address hidden>  Wed, 29 Jun 2011 06:57:56 +0200

Superseded in oneiric-release
cacti (0.8.7g-2) unstable; urgency=low

  * import 2 new "official" upstream patches
  * Cherry-pick upstream fix for ping output parsing (Closes: #606062).
  * Lintian:
    - Update Standards-Version to 3.9.1 (no changes necessary)
    - Bump versioned Build-Dep on debhelper to >= 5
    - Update config and postrm maintainer scripts to run with set -e
    - Remove un-needed chmodding of php files in debian/rules
    - Ensure the non-php files in the scripts dir are executable
    - Update debconf template description to remove question from text.
    - Selectively fix executable permissions on some files in the cli dir
    - Include a README.source mentioning quilt
  * Update debconf choices and default value for webserver configuration
  * Update all debian/po files after changing debconf template
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  30 Apr 2011 12:39:40 +0000

Superseded in lucid-security
Superseded in lucid-updates
Deleted in lucid-proposed (Reason: moved to -updates)
Superseded in lucid-proposed
cacti (0.8.7e-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Fix SQL injection vulnerability in templates_export.php
    (LP: #599892)
    - debian/patches/CVE-2010-1431.patch: patch derived from upstream patch
    - CVE-2010-1431
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-1644.patch: patch derived from upstream patch
    - CVE-2010-1644
  * SECURITY UPDATE: Fix arbitrary command execution vuln
    - debian/patches/CVE-2010-1645.patch: patch derived from upstream patches
    - CVE-2010-1645
  * SECURITY UPDATE: Fix a SQL injection vulnerability in graph.php
    - debian/patches/CVE-2010-2092.patch: patch derived from Debian patch
    - CVE-2010-2092
    - DSA-2060
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-2543.patch: patch derived from upstream patches
    - CVE-2010-2543
    - CVE-2010-2544
    - CVE-2010-2545
 -- Brian Thomason <email address hidden>   Mon, 24 Jan 2011 11:20:13 -0500
Superseded in oneiric-release
Obsolete in natty-release
Obsolete in maverick-release
cacti (0.8.7g-1) unstable; urgency=low

  * New upstream release (Closes: #592465).
  * Update context in 05_no-adodb.patch to remove fuzz.
  * Remove "official" patches from previous release.
  * Remove 563955_undefined_index_local_data_id.patch, incorporated upstream.
  * Remove CVE-2010-2092.patch, incorporated upstream.
  * Import new batch of "official" upstream patches.
  * Update apache configuration to work in FastCGI deployments (Closes: #593203).
     - thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
 -- Jamie Strandboge <email address hidden>   Fri,  24 Sep 2010 15:29:13 +0000

Superseded in maverick-release
cacti (0.8.7e-4) unstable; urgency=high

  * Forward-port fix for CVE-2010-2092 from stable package (Closes: #582691)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  14 Jun 2010 09:49:07 +0100

Superseded in maverick-release
cacti (0.8.7e-3) unstable; urgency=high

  * Import upstream fix for SQL injection vulnerability (no CVE assigned yet) 
     - thanks to Thijs Kinkhorst <email address hidden> (Closes: #578909).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  09 May 2010 14:13:48 +0100

Superseded in maverick-release
Obsolete in lucid-release
cacti (0.8.7e-2) unstable; urgency=low

  * Import 2 new "official" patches from upstream
  * Italian debconf translation 
    - thanks to Alessandro De Zorzi <email address hidden> (Closes: #548447)
  * Fix for "Undefined index: local_data_id in graphs_new.php" 
    - new debian patch 563955_undefined_index_local_data_id.patch
    - thanks to Teodor MICU <email address hidden> (Closes: #563955)
  * Fix for "must not RE-add /etc/apache2/conf.d/cacti.conf link on upgrade" 
    - thanks to Patrick Schoenfeld <email address hidden> (Closes: #561477)
  * Bump debhelper compatibility level to 5
 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  04 Feb 2010 17:25:19 +0000

Superseded in lucid-release
cacti (0.8.7e-1.1) unstable; urgency=high

  * Non-maintainer upload by the security team
  * Fix several cross-site scriptings via different vectors
    Fixes: CVE-2009-4032
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  01 Jan 2010 10:08:39 +0000

Superseded in lucid-release
cacti (0.8.7e-1) unstable; urgency=low

  * New upstream release (Closes: #541490).

  [ Sean Finney ]
  * fix path to global.php in cli scripts (Closes: #525024).
    - thanks to Jean-François Masure <email address hidden>
  * add a watch file to track upstream updates (Closes: #527066). 
    - thanks to Laurent Bigonville <email address hidden>
  * downgrade Depends on logrotate to a Recommends (Closes: #526997). 
    - thanks to Russ Allbery <email address hidden>
  * updates to (eu,ru,ja) debconf translations
     - eu: Piarres Beobide <email address hidden> (Closes: #535636).
     - ru: Yuri Kozlov <email address hidden> (Closes: #535820).
     - ja: Hideki Yamane (Debian-JP) <email address hidden> (Closes: #546229).

  [ Sander Klein ]
  * Change location of docs/text to docs/txt
  * Removed 'Official' patches for 0.8.7d since they are not needed anymore
  * Import 'Official' patches for 0.8.7e
  * Make cli-include-path.patch apply
  * use ':' with chown instead of deprecated '.'
  * suggested spelling/grammar changes from lintian for ./debian/control

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  05 Nov 2009 05:53:36 +0000

Superseded in lucid-release
Obsolete in karmic-release
cacti (0.8.7d-1) unstable; urgency=low

  * Imported Upstream version 0.8.7d
  * update/massage/remove patches for new upstream release
  * import new "official" patches for 0.8.7d
  * remove obsolete dependencies on php4 packages (Closes: #514342)
  * update default apache config php options (Closes: #459594)
  * add Homepage field to control file (Closes: #494811)
  * add Suggests: php5-ldap for ldap authentication (Closes: #496854) -
    thanks to Paul Nijjar <email address hidden>
  * call ucf with --debconf-ok in postinst
  * copy cli directory to /usr/share/cacti (Closes: #483556)
  * add gbp.conf for git-buildpackage and friends

 -- Laurent Bigonville <email address hidden>   Wed,  06 May 2009 18:26:48 +0100

Obsolete in dapper-updates
Obsolete in dapper-security
cacti (0.8.6h-1ubuntu3.4) dapper-security; urgency=low

  * SECURITY UPDATE: (LP: #164072)
    + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
      remote attackers to execute arbitrary SQL commands via unspecified
      vectors.
    + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_start or (2) graph_end parameter.
    + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_height or (2) graph_width parameter.
  * debian/patches/10_CVE-2007-6035.dpatch:
    - Applied patch by upstream (Based on patch by Stephan Hermann)
    - Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch
  * debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
    - Applied patch by upstream (Based on patch by Stephan Hermann)
    - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
  * References:
    CVE-2007-6035
    CVE-2007-3112
    CVE-2007-3113

 -- Brian Thomason <email address hidden>   Thu, 05 Feb 2009 00:16:46 -0500
Superseded in karmic-release
Obsolete in jaunty-release
Obsolete in intrepid-release
cacti (0.8.7b-2.1ubuntu2) intrepid; urgency=low

  * control/watch:
   + added debian watch file.

 -- Emanuele Gentili <email address hidden>   Thu, 14 Aug 2008 23:50:30 +0200
Superseded in intrepid-release
cacti (0.8.7b-2.1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   + debian/rules
    - added cli directory to cp command
   + debian/control:
    - added Homepage.
    - update standards-version.

Superseded in intrepid-release
cacti (0.8.7b-2ubuntu2) intrepid; urgency=low

  * debian/control:
   + added Homepage.
   + update standards-version.

 -- Emanuele Gentili <email address hidden>   Tue, 12 Aug 2008 14:36:40 +0200

Superseded in intrepid-release
Obsolete in hardy-release
cacti (0.8.7b-2ubuntu1) hardy; urgency=low

  * Merge from debian unstable (LP: #194190), remaining changes:
   + debian/rules
    - added cli directory to cp command
   + debian/control
    - Modify Maintainer value to match the DebianMaintainerField
      specification

Obsolete in feisty-updates
Obsolete in feisty-security
cacti (0.8.6i-3ubuntu0.3) feisty-security; urgency=low

  * debian/patches/11_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix
    'Invalid PHP_SELF Path' regression (LP: #194687)

 -- Jamie Strandboge <email address hidden>   Sat, 05 Apr 2008 08:21:27 -0400
Obsolete in edgy-updates
Obsolete in edgy-security
cacti (0.8.6h-3ubuntu0.4) edgy-security; urgency=low

  * debian/patches/12_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix
    'Invalid PHP_SELF Path' regression (LP: #194687)

 -- Jamie Strandboge <email address hidden>   Sat, 05 Apr 2008 08:33:00 -0400
Superseded in dapper-updates
Superseded in dapper-security
cacti (0.8.6h-1ubuntu3.3) dapper-security; urgency=low

  * debian/patches/10_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix
    'Invalid PHP_SELF Path' regression (LP: #194687)

 -- Jamie Strandboge <email address hidden>   Sat, 05 Apr 2008 08:15:28 -0400
Obsolete in gutsy-updates
Obsolete in gutsy-security
cacti (0.8.6j-1.1ubuntu0.3) gutsy-security; urgency=low

  * Cacti frontend fails with 'Invalid PHP_SELF Path' (LP: #194687)
   + debian/patches/11_php_self_nonstandard_dir.dpatch

 -- Emanuele Gentili <email address hidden>   Mon, 31 Mar 2008 00:03:37 +0200
Superseded in gutsy-updates
Superseded in gutsy-security
cacti (0.8.6j-1.1ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #192199)
    + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
      Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
      inject arbitrary web script or HTML via the (1) view_type parameter to
      graph.php, (2) filter parameter to graph_view.php, and (3) action and
      login_username parameters to index.php/login.
    + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
      0.8.6k allows remote attackers to obtain the full path via an invalid
      local_graph_id parameter and other unspecified vectors.
  * debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
    upstream.
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
  * References:
    CVE-2008-0783
    CVE-2008-0784

 -- Stephan Hermann <email address hidden>   Fri, 15 Feb 2008 20:26:11 +0100
Superseded in feisty-updates
Superseded in feisty-security
cacti (0.8.6i-3ubuntu0.2) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #192199)
    + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
      Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
      inject arbitrary web script or HTML via the (1) view_type parameter to
      graph.php, (2) filter parameter to graph_view.php, and (3) action and
      login_username parameters to index.php/login.
    + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
      0.8.6k allows remote attackers to obtain the full path via an invalid
      local_graph_id parameter and other unspecified vectors.
  * debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
    upstream. (backported from 0.8.6j)
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
  * References:
    CVE-2008-0783
    CVE-2008-0784

 -- Stephan Hermann <email address hidden>   Fri, 15 Feb 2008 21:10:36 +0100
Superseded in edgy-updates
Superseded in edgy-security
cacti (0.8.6h-3ubuntu0.3) edgy-security; urgency=low

  * SECURITY UPDATE: (LP: #192199)
    + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
      Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
      inject arbitrary web script or HTML via the (1) view_type parameter to
      graph.php, (2) filter parameter to graph_view.php, and (3) action and
      login_username parameters to index.php/login.
    + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
      0.8.6k allows remote attackers to obtain the full path via an invalid
      local_graph_id parameter and other unspecified vectors.
  * debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
    upstream. (backported from 0.8.6j)
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
  * References:
    CVE-2008-0783
    CVE-2008-0784

 -- Emanuele Gentili <email address hidden>   Sun, 17 Feb 2008 21:41:59 +0100
Superseded in dapper-updates
Superseded in dapper-security
cacti (0.8.6h-1ubuntu3.2) dapper-security; urgency=low

  * SECURITY UPDATE: (LP: #192199)
    + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
      Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
      inject arbitrary web script or HTML via the (1) view_type parameter to
      graph.php, (2) filter parameter to graph_view.php, and (3) action and
      login_username parameters to index.php/login.
    + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
      0.8.6k allows remote attackers to obtain the full path via an invalid
      local_graph_id parameter and other unspecified vectors.
  * debian/patches/10_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
    upstream. Backported from 0.8.6j
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
  * References:
    CVE-2008-0783
    CVE-2008-0784

 -- Stephan Hermann <email address hidden>   Fri, 15 Feb 2008 21:30:58 +0100
Superseded in hardy-release
cacti (0.8.7a-2ubuntu1) hardy; urgency=low

  * debian/patches/cmd-php-non-unique-hosts.patch:
    - added to fix the "Graph Logic Syntax" Issue (LP: #192201)
  * debian/patches/graph-issue-wrra-specs.patch:
    - added to fix the "Hosts with Duplicate IP Address Not Polled"
      (LP: #192203)
  * debian/patches/CVE-2008-0783_CVE-2008-0784_secfix.patch:
    - added to fix those two security issues (LP: #192199)
  * debian/rules:
    - added cli directory to cp command (LP: #185858)
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Stephan Hermann <email address hidden>   Fri, 15 Feb 2008 19:50:07 +0100
Superseded in gutsy-updates
Superseded in gutsy-security
cacti (0.8.6j-1.1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #164072)
    + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
      remote attackers to execute arbitrary SQL commands via unspecified vectors.
  * debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
  * References:
    CVE-2007-6035

 -- Stephan Hermann <email address hidden>   Tue, 20 Nov 2007 15:43:10 +0100
Superseded in feisty-updates
Superseded in feisty-security
cacti (0.8.6i-3ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #164072)
    + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
      remote attackers to execute arbitrary SQL commands via unspecified
      vectors.
    + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_start or (2) graph_end parameter.
    + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_height or (2) graph_width parameter.
  * debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
  * debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
    - Applied patch by upstream
    - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
  * References:
    CVE-2007-6035
    CVE-2007-3112
    CVE-2007-3113

 -- Stephan Hermann <email address hidden>   Tue, 20 Nov 2007 15:57:18 +0100
Superseded in edgy-updates
Superseded in edgy-security
cacti (0.8.6h-3ubuntu0.2) edgy-security; urgency=low

  * SECURITY UPDATE: (LP: #164072)
    + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
      remote attackers to execute arbitrary SQL commands via unspecified
      vectors.
    + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_start or (2) graph_end parameter.
    + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
      authenticated users to cause a denial of service (CPU consumption) via a large
      value of the (1) graph_height or (2) graph_width parameter.
  * debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
    (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
  * debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
    - Applied patch by upstream
    - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
  * References:
    CVE-2007-6035
    CVE-2007-3112
    CVE-2007-3113

 -- Stephan Hermann <email address hidden>   Thu, 06 Dec 2007 10:37:01 +0100
Superseded in hardy-release
cacti (0.8.7a-2) unstable; urgency=high

  * Update errors in copyright information (closes: #457366).

 -- Lionel Porcheron <email address hidden>   Mon,  14 Jan 2008 19:47:06 +0000
Superseded in hardy-release
cacti (0.8.7a-1) unstable; urgency=high

  * New upstream release, including fixes for bugs and security issues.
    Includes fix for CVE-2007-6035 (sql injection vulnerability)
    Closes: #452085.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  21 Nov 2007 09:49:57 +0000
Superseded in hardy-release
cacti (0.8.7-1) unstable; urgency=low

  * New upstream release.
  * updated 06_config_settings.php_cactid_path.patch with an extra fix
    for the cacti logfile path.

Superseded in hardy-release
Obsolete in gutsy-release
cacti (0.8.6j-1.1) unstable; urgency=high

  * Non-maintainer upload with the permission of the maintainer
  * Fix DoS caused by large values passed to the graph_height,
    graph_width, graph_start and graph_end parameters
    (Closes: #429224) Fixes: CVE-2007-3112, CVE-2007-3113

 -- Michael Bienia <email address hidden>   Mon,  06 Aug 2007 21:42:37 +0100
Superseded in gutsy-release
cacti (0.8.6j-1) unstable; urgency=low

  * New upstream release.  Any further etch-targeted changes will be
    handled in a separate branch.
  * The following patches are now obsolete:
    - 07_official_poller_output_remainder.dpatch
    - 07_official_import_template_argument_space_removal.dpatch
    - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
    - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
    - 08_svn_timespan_breakage_fix.dpatch
  * The following new "official" patches are added:
    - 07_official_graph_debug_lockup_fix.dpatch
    - 07_official_ping_php_version4_snmpgetnext.dpatch
    - 07_official_thumbnail_graphs_not_working.dpatch
    - 07_official_tree_console_missing_hosts.dpatch

Superseded in dapper-updates
Superseded in dapper-security
cacti (0.8.6h-1ubuntu3.1) dapper-security; urgency=low

  * Thanks to sean finney <email address hidden> for most of this
    imported from sid's 0.8.6i package.
  * Security references: CVE-2006-6799
  * Patches:
    - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
    - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
    - 07_official_poller_output_remainder-ubuntu.dpatch
    - 07_official_import_template_argument_space_removal.dpatch
    - 08_svn_timespan_breakage_fix-ubuntu.dpatch

 -- Trent Lloyd <email address hidden>   Sat, 14 Apr 2007 22:06:45 +0800
Superseded in edgy-updates
Superseded in edgy-security
cacti (0.8.6h-3ubuntu0.1) edgy-security; urgency=low

  * SECURITY UPDATE: SQL injection
  * CVE-2006-6799.dpatch: Fix SQL injection vulnerability in Cacti when
    register_argc_argv is enabled. Patch taken from upstream.
    (Closes  LP#78453)
  * References
    CVE-2006-6799
    http://www.cacti.net/download_patches.php?version=0.8.6h

 -- Martin Jürgens <email address hidden>   Sun, 28 Jan 2007 00:10:31 +0100
Superseded in gutsy-release
Obsolete in feisty-release
cacti (0.8.6i-3) unstable; urgency=high

  * include the list of official patches from upstream which (among other
    things) resolves multiple vulnerabilities in the poller and default
    scripts (Closes: 404818).  thanks to Alex de Oliveira Silva for reporting
    this, and Neil McGovern for a bit of consultation.
  * security references:
    - SA23528, CVE-2006-6799
  * also include one extra changeset from svn which fixes a regression
    introduced in the security patch. 
  * new patches:
    - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
    - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
    - 07_official_poller_output_remainder.dpatch
    - 07_official_import_template_argument_space_removal.dpatch
    - 08_svn_timespan_breakage_fix.dpatch

 -- StefanPotyra <email address hidden>   Mon,  22 Jan 2007 10:21:08 +0000
Superseded in feisty-release
cacti (0.8.6i-2) unstable; urgency=low

  * let cacti know where the cactid binary is, since it doesn't
    seem to have a reasonable default any longer.

Obsolete in dapper-backports
cacti (0.8.6h-3~dapper1) dapper-backports; urgency=low

  * Automated backport upload; no source changes.

 -- John Dong <email address hidden>   Tue, 29 Aug 2006 18:17:32 +0100
Superseded in feisty-release
Obsolete in edgy-release
cacti (0.8.6h-3) unstable; urgency=low

  * official patch from upstream to fix database corruption and display some
    users were having as a result of the differing version of adodb
    in debian vs. the bundled version in cacti.  thanks to the upstream
    authors for their help addressing the issue, and to Rene Cunningham
    for testing out the initial version of the patch.
    (closes: #364391, #351342)
  * added note to README.Debian about potential unmet dependencies in
    mixed php4/php5 environments (thanks to Uwe Storbeck), and also
    about checking the cli configuration for the required modules (thanks
    to Troy Poppe), and also about potential problems with the cli
    poller and safe_mode (thanks to Birger Brunswiek) (closes: #359964).
  * update package description to mention that it's likely that mysql-server
    should also be installed unless cacti is to be configured against a
    remote database system (closes: #349754).
  * added a note to README.Debian about the initial user/pass, at the
    suggestion of Jonas Genannt, thanks.  (closes: #352724).
  * changed package dependencies to list apache2 as the first of the
    series of apache-providing packages, and likewise reordered the
    php/apache modules (closes: #356843).
  * updated version of 08_official-mysql_5x_strict.dpatch which fixes
    the breakage in ldap authentication reported by Matt Clauson, thanks.
    (closes: #354663)

Superseded in edgy-release
Obsolete in dapper-release
cacti (0.8.6h-1ubuntu3) dapper; urgency=low

  * Install apache2 by default. (Malone: #29008)

 -- Steve Kowalik <email address hidden>   Sun, 30 Apr 2006 22:20:37 +1000
Superseded in dapper-release
Superseded in dapper-release
cacti (0.8.6h-1ubuntu2) dapper; urgency=low


  * debian/control: Add missing Depends on dbconfig-common.

 -- Daniel T Chen <email address hidden>  Wed, 11 Jan 2006 07:56:16 -0800
Superseded in dapper-release
cacti (0.8.6h-1ubuntu1) dapper; urgency=low


  * Resynchronise with Debian.

 -- Daniel T Chen <email address hidden>  Sat, 07 Jan 2006 12:48:27 +0000
Superseded in dapper-release
cacti (0.8.6g-3ubuntu1) dapper; urgency=low


  * Resynchronise with Debian.

 -- Stephan Hermann <email address hidden>  Sat, 10 Dec 2005 22:24:18 +0100
Obsolete in breezy-release
cacti (0.8.6f-2ubuntu1) breezy; urgency=low


  * Migrate Depends: to php5

 -- Brandon Hale <email address hidden>  Sun, 11 Sep 2005 11:12:54 -0400