lp:ubuntu/utopic-security/cacti

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

51. By Steve Beattie on 2015-06-30

fake sync from Debian (LP: #1210822)

50. By Paul Gevers on 2014-08-18

* CVE-2014-5261
  Unsufficient input sanitation leads to shell command injection
  possibilities
* CVE-2014-5262
  Incomplete and incorrect input parsing leads to SQL injection attack
  scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits

49. By Paul Gevers on 2014-07-24

* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
  was unusable (Closes: #755032)
* Security update
  - CVE-2014-5025 Cross Site Scripting Vulnerability
  - CVE-2014-5026 Cross Site Scripting Vulnerability
  - CVE-2014-5043 Cross Site Scripting Vulnerability

48. By Paul Gevers on 2014-06-25

* Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
* Security update (Closes: #742768, #752573)
  - CVE-2014-2327 Cross Site Request Forgery Vulnerability
  - CVE-2014-4002 Cross-Site Scripting Vulnerability

47. By Paul Gevers on 2014-04-06

Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)

46. By Paul Gevers on 2014-04-05

* Security update (Closes: 743565)
  - CVE-2014-2326 Cross-site scripting (XSS) vulnerability
  - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  - CVE-2014-2708 SQL injection
  - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
* Bump standards (no changes needed)
* Fix VCS-Browser field
* Fix license paragraph of jstree (Thanks lintian)

45. By Paul Gevers on 2013-08-27

* Fix Cross site scripting (upstream bug 2383)
  CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
  CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
  bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken

44. By Paul Gevers on 2013-08-09

* CVE-2013-1435 fix cause a regression in the handling of empty COMMENT
  lines in the rrd legend. Fixed by upstream:
  fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color

43. By Paul Gevers on 2013-08-07

* New upstream release
  - Fixes SQL or command line injection via snmp settings or
    graph creation or edition that allows privileged users to execute
    arbitrary SQL commands or command line commands. CVE-2013-1434 and
    CVE-2013-1435
  - poller_cache_rebuild_on_install.patch included
* Add d/rules get-orig-source target and accompanying script
* Update japanese translation, thank victory (Closes: #717203)
* Update vcs-* fields (thanks lintian)
* Update standards (no changes needed)
* Update years and my address in d/copyright
* Allow any php5 SAPI provider to satify cacti dependency, thanks
  Ondřej Surý (php5 maintainer). Thus reverting the solution to bug
  #654843 as the original report was not a bug but a reporter mistake.
  libapache2-mod-fcgid does not provide php5 SAPI.

42. By Paul Gevers on 2013-05-18

* Fix typo in cacti.postrm which prevented proper purging (Closes: #707010)
* Update use_jquery_for_debian.patch to not load jquery-cookie if it is
  not installed on the system (Closes: #708001)