Format: 1.8
Date: Thu, 13 Feb 2020 20:38:01 +0100
Source: cacti
Architecture: source
Version: 1.2.9+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 949996 949997
Changes:
 cacti (1.2.9+ds1-1) unstable; urgency=medium
 .
   * New upstream version 1.2.9+ds1
     CVE-2020-7106 Remote Code Execution (by privileged users) via shell
     metacharacters in the Performance Boost Debug Log field of
     poller_automation.php. (Closes: #949996)
     CVE-2020-7237 Stored XSS in data_sources.php,
     color_templates_item.php, graphs.php, graph_items.php,
     lib/api_automation.php, user_admin.php, and user_group_admin.php, as
     demonstrated by the description parameter in data_sources.php
     (Closes: #949997)