cacti (0.8.8b+dfsg-8+deb8u3build0.15.04.1) vivid-security; urgency=medium
* fake sync from Debian
cacti (0.8.8b+dfsg-8+deb8u3) jessie-security; urgency=high
* Add upstream patch to fix (Closes: #807599)
- CVE-2015-8369 SQL Injection vulnerability in graph.php
-- Tyler Hicks <email address hidden> Thu, 17 Dec 2015 14:25:41 -0600
-
cacti (0.8.8b+dfsg-8+deb8u2build0.15.04.1) vivid-security; urgency=medium
* fake sync from Debian
cacti (0.8.8b+dfsg-8+deb8u2) jessie-security; urgency=high
* Security update
- CVE-2015-4634 SQL injection in graphs.php
- Multiple other SQL injection vulnerabilities
-- Marc Deslauriers <email address hidden> Thu, 23 Jul 2015 10:04:32 -0400
-
cacti (0.8.8b+dfsg-8+deb8u1build0.15.04.1) vivid-security; urgency=medium
* fake sync from Debian (LP: #1210822)
cacti (0.8.8b+dfsg-8+deb8u1) jessie-security; urgency=high
* Security update
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
-- Steve Beattie <email address hidden> Tue, 30 Jun 2015 11:47:36 -0700
-
cacti (0.8.8b+dfsg-8) unstable; urgency=high
* CVE-2014-5261
Insufficient input sanitation leads to shell command injection
possibilities
* CVE-2014-5262
Incomplete and incorrect input parsing leads to SQL injection attack
scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits
-- Paul Gevers <email address hidden> Mon, 18 Aug 2014 19:57:43 +0200