lp:ubuntu/trusty-updates/cacti
- Get this branch:
- bzr branch lp:ubuntu/trusty-updates/cacti
Recent revisions
- 46. By Paul Gevers
-
* Security update (LP: #1210822):
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef
id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
- CVE-2014-5261 Insufficient input sanitation leads to shell command
injection possibilities
- CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
injection attack scenarios
- CVE-2014-5025 Cross Site Scripting Vulnerability
- CVE-2014-5026 Cross Site Scripting Vulnerability
- CVE-2014-5043 Cross Site Scripting Vulnerability
- CVE-2014-2327 Cross Site Request Forgery Vulnerability
- CVE-2014-4002 Cross-Site Scripting Vulnerability
- 45. By Paul Gevers
-
Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)
- 44. By Paul Gevers
-
* Fix Cross site scripting (upstream bug 2383)
CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken
- 43. By Paul Gevers
-
* CVE-2013-1435 fix caused a regression in the handling of empty COMMENT
lines in the rrd legend. Fixed by upstream:
fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color
- 42. By Paul Gevers
-
* Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
* Update use_jquery_for_debian.patch to not load jquery-cookie if it is
not installed on the system (Closes: #708001)
- 41. By Paul Gevers
-
* Improve maintenance scripts
- Prepare cacti configuration for Apache2.4 according to
http://wiki.debian.org/Apache/PackagingFor24
- Improve cacti.config to fix dpkg-reconfigure behavior for httpd's.
- Restart lighttpd if needed (LP: #1132415)
- Remove obsolete (Sarge) preinst code
* Fix the lighttpd config template for absolute path (see LP: #1132415)
* Lintian triggered improvements:
- Update watch file for +dfsg in the version
- Add dependency on mysql-client (next to virtual-mysql-client)
* Bug fixes:
- Add patch loadavg_multi_locale_friendly.patch to allow uptime script to
work independent of the local locale (Closes: #704057)
- Add patch fix_php_strict_warning_in_ping.patch to fix php 5.4 warnings
(Closes: #694159)
- Add patch poller_cache_rebuild_on_install.patch to start filling the
auto-generated graphs upon installation (Upstream: 2229)
* Move configuration files away from /usr/share/doc/cacti (policy 12.3)
* Remove obsolete RM-Upload-Allowed from d/control
* Revisited README.Debian
- 40. By Paul Gevers
-
Update debian/NEWS.Debian to explain the recommended packages for the tree,
which seem to be not installed by default upon upgrade, and make sure it is
actually installed.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/cacti