lp:ubuntu/wily-proposed/cacti
- Get this branch:
- bzr branch lp:ubuntu/wily-proposed/cacti
Branch merges
Branch information
Recent revisions
- 54. By Paul Gevers
-
* Update loadavg_
multi_locale_ friendly. patch (Closes: #793401)
* Add missing manual.css (Closes: #783416)
* Fix d/rules override_dh_*configure target (Wasn't ever run,
althought that wasn't too bad until now) - 52. By Paul Gevers
-
* Imported Upstream version 0.8.8e
- CVE-2015-4634 multiple SQL Injection vulnerabilities
* Add new jquery scripts to Files-Exculded
* Refresh patches - 51. By Paul Gevers
-
* Upload to unstable
* New upstream release
- CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
before 0.8.8d allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
- CVE-2015-4342 SQL Injection and Location header injection from cdef id
- CVE-2015-4454 SQL injection vulnerability in the
get_hash_graph_ template function in lib/functions.php in Cacti before
0.8.8d allows remote attackers to execute arbitrary SQL commands via
the graph_template_id parameter to graph_templates.php.
- Unassigned CVE VN:JVN#78187936 / TN:JPCERT#98968540 Fixed SQL injection
* Remove Sean from the list of uploaders. Thanks for all the fish
(Closes: #773436)
* Fix d/p/07_cli-include- path.patch (LP: #1433665)
* Update debian/patches/ fix_php_ strict_ warning_ in_ping. patch for partial
upstream fix
* Include the virtual alternative for the recommends on mysql-server
(Closes: #781982)
* Upstream dropped unused javascripts, remove them from d/copyright
* Add patch to have upgrade script mention version 0.8.8d i.s.o. 0.8.8c - 50. By Paul Gevers
-
* CVE-2014-5261
Unsufficient input sanitation leads to shell command injection
possibilities
* CVE-2014-5262
Incomplete and incorrect input parsing leads to SQL injection attack
scenarios
* Fix for CVE-2014-5043 was incomplete, improve patch
* Change CVE-2014-4002 patch to include upstream updated commits - 49. By Paul Gevers
-
* Fix regression caused by fixing CVE-2014-4002 at least plugin autom8
was unusable (Closes: #755032)
* Security update
- CVE-2014-5025 Cross Site Scripting Vulnerability
- CVE-2014-5026 Cross Site Scripting Vulnerability
- CVE-2014-5043 Cross Site Scripting Vulnerability - 48. By Paul Gevers
-
* Add alternative php5-mysql | php5-mysqlnd (Closes: #744067)
* Security update (Closes: #742768, #752573)
- CVE-2014-2327 Cross Site Request Forgery Vulnerability
- CVE-2014-4002 Cross-Site Scripting Vulnerability - 47. By Paul Gevers
-
Fix postinst for lighttpd setups which fail on update due to
lighty-enable-mod exiting with non-zero if config is already loaded
(Closes: 743727) - 46. By Paul Gevers
-
* Security update (Closes: 743565)
- CVE-2014-2326 Cross-site scripting (XSS) vulnerability
- CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
- CVE-2014-2708 SQL injection
- CVE-2014-2709 Unspecified Remote Command Execution Vulnerability
* Bump standards (no changes needed)
* Fix VCS-Browser field
* Fix license paragraph of jstree (Thanks lintian) - 45. By Paul Gevers
-
* Fix Cross site scripting (upstream bug 2383)
CVE-2013-5588
* Fix SQL injection in host.php (upstream bug 2383)
CVE-2013-5589
* Fix upgrade script in cli directory for latest releases
* Automatically upgrade database during package update (prevents upstream
bug 2377)
* The code to enable lighttpd configuration from LP: #1132415 was broken
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/cacti