lp:ubuntu/gutsy-security/cacti

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/cacti
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

16. By Emanuele Gentili

* Cacti frontend fails with 'Invalid PHP_SELF Path' (LP: #194687)
 + debian/patches/11_php_self_nonstandard_dir.dpatch

15. By Stephan Rügamer

* SECURITY UPDATE: (LP: #192199)
  + CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
    Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
    inject arbitrary web script or HTML via the (1) view_type parameter to
    graph.php, (2) filter parameter to graph_view.php, and (3) action and
    login_username parameters to index.php/login.
  + CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
    0.8.6k allows remote attackers to obtain the full path via an invalid
    local_graph_id parameter and other unspecified vectors.
* debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
  upstream.
  (Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
* References:
  CVE-2008-0783
  CVE-2008-0784

14. By Stephan Rügamer

* SECURITY UPDATE: (LP: #164072)
  + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
    remote attackers to execute arbitrary SQL commands via unspecified vectors.
* debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
  (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
* References:
  CVE-2007-6035

13. By Steffen Joeris

* Non-maintainer upload with the permission of the maintainer
* Fix DoS caused by large values passed to the graph_height,
  graph_width, graph_start and graph_end parameters
  (Closes: #429224) Fixes: CVE-2007-3112, CVE-2007-3113

12. By sean finney

* New upstream release. Any further etch-targeted changes will be
  handled in a separate branch.
* The following patches are now obsolete:
  - 07_official_poller_output_remainder.dpatch
  - 07_official_import_template_argument_space_removal.dpatch
  - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
  - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
  - 08_svn_timespan_breakage_fix.dpatch
* The following new "official" patches are added:
  - 07_official_graph_debug_lockup_fix.dpatch
  - 07_official_ping_php_version4_snmpgetnext.dpatch
  - 07_official_thumbnail_graphs_not_working.dpatch
  - 07_official_tree_console_missing_hosts.dpatch

11. By sean finney

* include the list of official patches from upstream which (among other
  things) resolves multiple vulnerabilities in the poller and default
  scripts (Closes: 404818). thanks to Alex de Oliveira Silva for reporting
  this, and Neil McGovern for a bit of consultation.
* security references:
  - SA23528, CVE-2006-6799
* also include one extra changeset from svn which fixes a regression
  introduced in the security patch.
* new patches:
  - 07_official_dec06-vulnerability-scripts-0.8.6i.dpatch
  - 07_official_dec06-vulnerability-poller-0.8.6i.dpatch
  - 07_official_poller_output_remainder.dpatch
  - 07_official_import_template_argument_space_removal.dpatch
  - 08_svn_timespan_breakage_fix.dpatch

10. By sean finney

let cacti know where the cactid binary is, since it doesn't
seem to have a reasonable default any longer.

9. By sean finney

* official patch from upstream to fix database corruption and display some
  users were having as a result of the differing version of adodb
  in debian vs. the bundled version in cacti. thanks to the upstream
  authors for their help addressing the issue, and to Rene Cunningham
  for testing out the initial version of the patch.
  (closes: #364391, #351342)
* added note to README.Debian about potential unmet dependencies in
  mixed php4/php5 environments (thanks to Uwe Storbeck), and also
  about checking the cli configuration for the required modules (thanks
  to Troy Poppe), and also about potential problems with the cli
  poller and safe_mode (thanks to Birger Brunswiek) (closes: #359964).
* update package description to mention that it's likely that mysql-server
  should also be installed unless cacti is to be configured against a
  remote database system (closes: #349754).
* added a note to README.Debian about the initial user/pass, at the
  suggestion of Jonas Genannt, thanks. (closes: #352724).
* changed package dependencies to list apache2 as the first of the
  series of apache-providing packages, and likewise reordered the
  php/apache modules (closes: #356843).
* updated version of 08_official-mysql_5x_strict.dpatch which fixes
  the breakage in ldap authentication reported by Matt Clauson, thanks.
  (closes: #354663)

8. By Steve Kowalik

Install apache2 by default. (Malone: #29008)

7. By Daniel T Chen

debian/control: Add missing Depends on dbconfig-common.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/cacti