-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 16 Dec 2009 11:32:08 +0100 Source: cacti Binary: cacti Architecture: source all Version: 0.8.6i-3.6 Distribution: oldstable-security Urgency: high Maintainer: sean finney <seanius@debian.org> Changed-By: Steffen Joeris <white@debian.org> Description: cacti - Frontend to rrdtool for monitoring systems and services Closes: 429224 Changes: cacti (0.8.6i-3.6) oldstable-security; urgency=high . * Non-maintainer upload by the security team * Fix several cross-site scriptings via different vectors Fixes: CVE-2009-4032 * Fix denial of service via the graph_start, graph_end, graph_height and graph_width parameters (Closes: #429224) Fixes: CVE-2007-3112 CVE-2007-3113 Files: bb8fb25c6db1cd6a2a785f879943d969 590 web extra cacti_0.8.6i-3.6.dsc 4ee9e373817ebc32297e1c3de8fee10d 38419 web extra cacti_0.8.6i-3.6.diff.gz 9093e9f9abaa6c3dbbedad24cc1d4f7e 962816 web extra cacti_0.8.6i-3.6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksovlkACgkQ62zWxYk/rQcRKgCgncvKXzzZFObziIJYZRf0Bzvb hPMAoJM/1lJTahbwBz3O9xN4wPKjuWT/ =aMFj -----END PGP SIGNATURE----- Accepted: cacti_0.8.6i-3.6.diff.gz to main/c/cacti/cacti_0.8.6i-3.6.diff.gz cacti_0.8.6i-3.6.dsc to main/c/cacti/cacti_0.8.6i-3.6.dsc cacti_0.8.6i-3.6_all.deb to main/c/cacti/cacti_0.8.6i-3.6_all.deb