lp:ubuntu/wily-proposed/cacti

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

54. By Paul Gevers on 2015-08-03

* Update loadavg_multi_locale_friendly.patch (Closes: #793401)
* Add missing manual.css (Closes: #783416)
* Fix d/rules override_dh_*configure target (Wasn't ever run,
  althought that wasn't too bad until now)

53. By Paul Gevers on 2015-07-21

New upstream release fixing some regressions in 0.8.8e

52. By Paul Gevers on 2015-07-15

* Imported Upstream version 0.8.8e
  - CVE-2015-4634 multiple SQL Injection vulnerabilities
* Add new jquery scripts to Files-Exculded
* Refresh patches

51. By Paul Gevers on 2015-06-22

* Upload to unstable
* New upstream release
  - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
    before 0.8.8d allows remote attackers to inject arbitrary web script
    or HTML via unspecified vectors.
  - CVE-2015-4342 SQL Injection and Location header injection from cdef id
  - CVE-2015-4454 SQL injection vulnerability in the
    get_hash_graph_template function in lib/functions.php in Cacti before
    0.8.8d allows remote attackers to execute arbitrary SQL commands via
    the graph_template_id parameter to graph_templates.php.
  - Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
  (Closes: #773436)
* Fix d/p/07_cli-include-path.patch (LP: #1433665)
* Update debian/patches/fix_php_strict_warning_in_ping.patch for partial
  upstream fix
* Include the virtual alternative for the recommends on mysql-server
  (Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c

50. By Paul Gevers on 2014-08-18

* CVE-2014-5261
  Unsufficient input sanitation leads to shell command injection
  possibilities
* CVE-2014-5262
  Incomplete and incorrect input parsing leads to SQL injection attack
  scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits

49. By Paul Gevers on 2014-07-24

* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
  was unusable (Closes: #755032)
* Security update
  - CVE-2014-5025 Cross Site Scripting Vulnerability
  - CVE-2014-5026 Cross Site Scripting Vulnerability
  - CVE-2014-5043 Cross Site Scripting Vulnerability

48. By Paul Gevers on 2014-06-25

* Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
* Security update (Closes: #742768, #752573)
  - CVE-2014-2327 Cross Site Request Forgery Vulnerability
  - CVE-2014-4002 Cross-Site Scripting Vulnerability

47. By Paul Gevers on 2014-04-06

Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727)

46. By Paul Gevers on 2014-04-05

* Security update (Closes: 743565)
  - CVE-2014-2326 Cross-site scripting (XSS) vulnerability
  - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  - CVE-2014-2708 SQL injection
  - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
* Bump standards (no changes needed)
* Fix VCS-Browser field
* Fix license paragraph of jstree (Thanks lintian)

45. By Paul Gevers on 2013-08-27

* Fix Cross site scripting (upstream bug 2383)
  CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
  CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
  bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken