Format: 1.8
Date: Sat, 10 Aug 2013 07:30:37 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.8a+dfsg-5+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
 cacti - web interface for graphing of monitoring systems
Changes:
 cacti (0.8.8a+dfsg-5+deb7u1) wheezy-security; urgency=high
 .
   * Security upload
   * Add patches to fix SQL or command line injection via snmp settings or
     graph creation or edition that allows privileged users to execute
     arbitrary SQL commands or command line commands.
     - CVE-2013-1434
       cacti_snmp_sql_injection_CVE-2013-1434.patch
     - CVE-2013-1435
       cacti_snmp_escape_string_CVE-2013-1435.patch
       fix_quoting_in_rrd_command_CVE-2013-1435.patch
   * CVE-2013-1435 fix causes a regression in the handling of empty COMMENT
     lines in the rrd legend. Fixed by upstream:
     fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch