lp:ubuntu/trusty-updates/cacti

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

46. By Paul Gevers on 2015-06-27

* Security update (LP: #1210822):
  - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
    before 0.8.8d allows remote attackers to inject arbitrary web script
    or HTML via unspecified vectors.
  - CVE-2015-4342 SQL Injection and Location header injection from cdef
    id
  - CVE-2015-4454 SQL injection vulnerability in the
    get_hash_graph_template function in lib/functions.php in Cacti before
    0.8.8d allows remote attackers to execute arbitrary SQL commands via
    the graph_template_id parameter to graph_templates.php.
  - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
  - CVE-2014-5261 Unsufficient input sanitation leads to shell command
    injection possibilities
  - CVE-2014-5262 Incomplete and incorrect input parsing leads to SQL
    injection attack scenarios
  - CVE-2014-5025 Cross Site Scripting Vulnerability
  - CVE-2014-5026 Cross Site Scripting Vulnerability
  - CVE-2014-5043 Cross Site Scripting Vulnerability
  - CVE-2014-2327 Cross Site Request Forgery Vulnerability
  - CVE-2014-4002 Cross-Site Scripting Vulnerability

45. By Paul Gevers on 2014-04-06

Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)

44. By Paul Gevers on 2013-08-27

* Fix Cross site scripting (upstream bug 2383)
  CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
  CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
  bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken

43. By Paul Gevers on 2013-08-09

* CVE-2013-1435 fix cause a regression in the handling of empty COMMENT
  lines in the rrd legend. Fixed by upstream:
  fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color

42. By Paul Gevers on 2013-05-18

* Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
* Update use_jquery_for_debian.patch to not load jquery-cookie if it is
  not installed on the system (Closes: #708001)

41. By Paul Gevers on 2013-05-05

* Improve maintenance scripts
  - Prepare cacti configuration for Apache2.4 according to
    http://wiki.debian.org/Apache/PackagingFor24
  - Improve cacti.config to fix dpkg-reconfigure behavior for httpd's.
  - Restart lighttpd if needed (LP: #1132415)
  - Remove obsolete (Sarge) preinst code
* Fix the lighttpd config template for absolute path (see LP: #1132415)
* Lintian triggered improvements:
  - Update watch file for +dfsg in the version
  - Add dependency on mysql-client (next to virtual-mysql-client)
* Bug fixes:
  - Add patch loadavg_multi_locale_friendly.patch to allow uptime script to
    work independent of the local locale (Closes: #704057)
  - Add patch fix_php_strict_warning_in_ping.patch to fix php 5.4 warnings
    (Closes: #694159)
  - Add patch poller_cache_rebuild_on_install.patch to start filling the
    auto-generated graphs upon installation (Upstream: 2229)
* Move configuration files away from /usr/share/doc/cacti (policy 12.3)
* Remove obsolete RM-Upload-Allowed from d/control
* Revisited README.Debian

40. By Paul Gevers on 2013-04-11

Update debian/NEWS.Debian to explain the recommended packages for the tree,
which seem to be not installed by default upon upgrade, and make sure it is
actually installed.

39. By Paul Gevers on 2013-04-01

Improve jquery tree patch to show trees multilevel (Closes: #702690)

38. By Paul Gevers on 2013-02-19

Fixed typo in recommends libjs-jquery* i.s.o. libjs-query (Closes: #700999)

37. By Paul Gevers on 2013-01-29

Upload to unstable after acknowledge by the RT, see #694850.