Comment 5 for bug 906773

Mahyuddin Susanto (udienz) wrote :

> How did you generate these? Did you test the patched packages?

By looking at upstream svn changes I can modify Debian sources easily. Yes, I tested it.

> When submitting, can you remove this from the debdiff?

Yup

> One last thing, cacti on lucid has several other open CVEs: CVE-2010-1644, CVE-2010-1645, CVE-2010-2543, CVE-2010-2544 and CVE-2010-2545. Do you plan on providing patches for these as well? If so, please update the debdiff to include these as well. Thanks again!

The CVEs mentioned above have been resolved in 0.8.7e-2ubuntu0.1 by Brian Thomason. Here is the changelog for 0.8.7e-2ubuntu0.1:
cacti (0.8.7e-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Fix SQL injection vulnerability in templates_export.php
    (LP: #599892)
    - debian/patches/CVE-2010-1431.patch: patch derived from upstream patch
    - CVE-2010-1431
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-1644.patch: patch derived from upstream patch
    - CVE-2010-1644
  * SECURITY UPDATE: Fix arbitrary command execution vuln
    - debian/patches/CVE-2010-1645.patch: patch derived from upstream patches
    - CVE-2010-1645
  * SECURITY UPDATE: Fix a SQL injection vulnerability in graph.php
    - debian/patches/CVE-2010-2092.patch: patch derived from Debian patch
    - CVE-2010-2092
    - DSA-2060
  * SECURITY UPDATE: Fix cross-site scripting (XSS) vulnerabilities
    - debian/patches/CVE-2010-2543.patch: patch derived from upstream patches
    - CVE-2010-2543
    - CVE-2010-2544
    - CVE-2010-2545

 -- Brian Thomason <email address hidden> Mon, 24 Jan 2011 11:20:13 -0500