Ubuntu
cacti package

cacti 0.8.8b+dfsg-5ubuntu0.1 source package in Ubuntu

Changelog

cacti (0.8.8b+dfsg-5ubuntu0.1) trusty-security; urgency=medium

  * Security update (LP: #1210822):
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
    - CVE-2014-5261 Unsufficient input sanitation leads to shell command
      injection possibilities
    - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
      injection attack scenarios
    - CVE-2014-5025 Cross Site Scripting Vulnerability
    - CVE-2014-5026 Cross Site Scripting Vulnerability
    - CVE-2014-5043 Cross Site Scripting Vulnerability
    - CVE-2014-2327 Cross Site Request Forgery Vulnerability
    - CVE-2014-4002 Cross-Site Scripting Vulnerability

 -- Paul Gevers <email address hidden>  Sat, 27 Jun 2015 14:25:12 +0200

Upload details

Uploaded by:
Paul Gevers
Sponsored by:
Steve Beattie
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Trusty: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
cacti_0.8.8b+dfsg.orig.tar.bz2 2.0 MiB bc4b733055e66e1f75e67e697d97793c072ce82e31c5cfa21aab781cc470171b
cacti_0.8.8b+dfsg-5ubuntu0.1.debian.tar.gz 124.2 KiB dee1c8a412281b81c23f46089f118d2fb91e0125711a996479b693cba12b561d
cacti_0.8.8b+dfsg-5ubuntu0.1.dsc 2.0 KiB 48b5e60a0d3a4d6d6d6448e94cd7a57e16c55b20ea58d197d10872053398a06f

View changes file

Binary packages built by this source

cacti: web interface for graphing of monitoring systems

 Cacti is a complete PHP-driven front-end for RRDTool. It stores all of
 the necessary data source information to create graphs, handles the data
 gathering, and populates the MySQL database with round-robin archives.
 It also includes SNMP support for those used to creating traffic graphs
 with MRTG.
 .
 This package requires a functional MySQL database server on either the
 installation host or a remotely accessible system.