~rafaeldtinoco/ubuntu/+source/cacti:lp1863739-focal

Branch merges

Propose for merging

Merged into ubuntu/+source/cacti:debian/sid at revision 17e9b5454a6f074f486e837f46160f5e7ba55258

Graham Inggs: Pending requested 2020-02-18

Canonical Server MOTU reviewers: Pending requested 2020-02-18

Canonical Server Core Reviewers: Pending requested 2020-02-18

Canonical Server: Pending requested 2020-02-18

Diff: 160 lines (+94/-4)

6 files modified

debian/README.Debian (+8/-3)
debian/cacti.config (+1/-0)
debian/changelog (+38/-0)
debian/control (+2/-1)
debian/patches/general-instructions-no-auto-create-user.patch (+44/-0)
debian/patches/series (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

17e9b54... by Rafael David Tinoco on 2020-02-18

update-maintainer

baa38d0... by Rafael David Tinoco on 2020-02-18

reconstruct-changelog

8fa880a... by Rafael David Tinoco on 2020-02-18

merge-changelogs

9f5b59a... by Rafael David Tinoco on 2020-02-18

* Dropped: Replace php-php-gettext dependency in order to fix
  translations (LP: #1844070), according to:
  - https://github.com/Cacti/cacti/issues/2508
  - https://github.com/Cacti/cacti/issues/2924
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851771

2d0a9a6... by Rafael David Tinoco on 2020-02-18

* Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
  (refreshed when merging with debian 1.2.9+ds1-1)

0c19df8... by Rafael David Tinoco on 2020-02-18

* General installing instructions update for NO_AUTO_CREATE_USER.
  (refreshed when merging with debian 1.2.9+ds1-1)

57a9451... by Rafael David Tinoco on 2020-02-18

* Dropped: MySQL 8 change needs: NO_AUTO_CREATE_USER and grouping
  keyword. (merged upstream 1.2.4-212-gff6056d3)

5d9b198... by Paul Gevers on 2020-02-13

Import patches-unapplied version 1.2.9+ds1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 801e57894408a8925b5b9dbf328b40027c48f4e7

New changelog entries:
  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php,
    color_templates_item.php, graphs.php, graph_items.php,
    lib/api_automation.php, user_admin.php, and user_group_admin.php, as
    demonstrated by the description parameter in data_sources.php (Closes:
    #949997)

801e578... by Paul Gevers on 2019-12-28

Import patches-unapplied version 1.2.8+ds1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 09eb0e6587db562904b28c973a4d3d4311874edc

New changelog entries:
  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializating data, ensure basic sanitization
    has been performed (Closes: #947375)

09eb0e6... by Paul Gevers on 2019-10-06

Import patches-unapplied version 1.2.7+ds1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f11a0026b85608107ac3618632237e0bb3021aba

New changelog entries:
  * New upstream version 1.2.7+ds1
    CVE-2019-16723 Security issue allows to view all graphs (Closes:
    #941036)
  * Refresh and drop patches to match upstream