lp://staging/ubuntu/edgy-security/cacti

Created by James Westby and last modified

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

13. By Jamie Strandboge

debian/patches/12_CVE-2008-0783_CVE-2008-0784_regression.dpatch: fix
'Invalid PHP_SELF Path' regression (LP: #194687)

12. By Emanuele Gentili

* SECURITY UPDATE: (LP: #192199)
  + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
    Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
    inject arbitrary web script or HTML via the (1) view_type parameter to
    graph.php, (2) filter parameter to graph_view.php, and (3) action and
    login_username parameters to index.php/login.
  + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
    0.8.6k allows remote attackers to obtain the full path via an invalid
    local_graph_id parameter and other unspecified vectors.
* debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
  upstream. (backported from 0.8.6j)
  (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
* References:
  CVE-2008-0783
  CVE-2008-0784

11. By Stephan Rügamer

* SECURITY UPDATE: (LP: #164072)
  + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
    remote attackers to execute arbitrary SQL commands via unspecified
    vectors.
  + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
    authenticated users to cause a denial of service (CPU consumption) via a large
    value of the (1) graph_start or (2) graph_end parameter.
  + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
    authenticated users to cause a denial of service (CPU consumption) via a large
    value of the (1) graph_height or (2) graph_width parameter.
* debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
  (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
* debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
  - Applied patch by upstream
  - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
* References:
  CVE-2007-6035
  CVE-2007-3112
  CVE-2007-3113

10. By magilus

* SECURITY UPDATE: SQL injection
* CVE-2006-6799.dpatch: Fix SQL injection vulnerability in Cacti when
  register_argc_argv is enabled. Patch taken from upstream.
  (Closes LP#78453)
* References
  CVE-2006-6799
  http://www.cacti.net/download_patches.php?version=0.8.6h

9. By sean finney

* official patch from upstream to fix database corruption and display some
  users were having as a result of the differing version of adodb
  in debian vs. the bundled version in cacti. thanks to the upstream
  authors for their help addressing the issue, and to Rene Cunningham
  for testing out the initial version of the patch.
  (closes: #364391, #351342)
* added note to README.Debian about potential unmet dependencies in
  mixed php4/php5 environments (thanks to Uwe Storbeck), and also
  about checking the cli configuration for the required modules (thanks
  to Troy Poppe), and also about potential problems with the cli
  poller and safe_mode (thanks to Birger Brunswiek) (closes: #359964).
* update package description to mention that it's likely that mysql-server
  should also be installed unless cacti is to be configured against a
  remote database system (closes: #349754).
* added a note to README.Debian about the initial user/pass, at the
  suggestion of Jonas Genannt, thanks. (closes: #352724).
* changed package dependencies to list apache2 as the first of the
  series of apache-providing packages, and likewise reordered the
  php/apache modules (closes: #356843).
* updated version of 08_official-mysql_5x_strict.dpatch which fixes
  the breakage in ldap authentication reported by Matt Clauson, thanks.
  (closes: #354663)

8. By Steve Kowalik

Install apache2 by default. (Malone: #29008)

7. By Daniel T Chen

debian/control: Add missing Depends on dbconfig-common.

6. By Daniel T Chen

Resynchronise with Debian.

5. By Stephan Rügamer

Resynchronise with Debian.

4. By Brandon Hale

Migrate Depends: to php5

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://staging/ubuntu/karmic/cacti