Format: 1.8
Date: Sat, 10 Aug 2013 07:30:37 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Sean Finney <seanius@debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
 cacti - Frontend to rrdtool for monitoring systems and services
Changes:
 cacti (0.8.7g-1+squeeze2) squeeze-security; urgency=high
 .
   * Security upload
   * Add patches to fix SQL or command line injection via snmp settings or
     graph creation or edition that allows privileged users to execute
     arbitrary SQL commands or command line commands.
     - CVE-2013-1434
       cacti_snmp_sql_injection_CVE-2013-1434.patch
     - CVE-2013-1435
       cacti_snmp_escape_string_CVE-2013-1435.patch
       fix_quoting_in_rrd_command_CVE-2013-1435.patch
   * CVE-2013-1435 fix causes a regression in the handling of empty COMMENT
     lines in the rrd legend. Fixed by upstream:
     fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch
Checksums-Sha1:
 8edad45073902ea7adb5b0a4e90f9beb6f76546f 1443 cacti_0.8.7g-1+squeeze2.dsc
 49ad39d95dc5052aee16b820e392ffe38d12ba92 46165 cacti_0.8.7g-1+squeeze2.diff.gz
 aa5000d7f009dfc06bda461549d7eeed6bac742e 2090886 cacti_0.8.7g-1+squeeze2_all.deb
Checksums-Sha256:
 6fa6fc9ee6af70ba7c5f4451ffdc5ab5c2c7f6bd8dc12aa6d6aa2fbe9f431c05 1443 cacti_0.8.7g-1+squeeze2.dsc
 aceaf869c7e0e979979b310e403083290c787b2afa98f7e43006da3edc0140b4 46165 cacti_0.8.7g-1+squeeze2.diff.gz
 ca3f62f025fd4dc5843b30b2b23f3535f2bddf8bb58119fe5cd29ab8e87c8951 2090886 cacti_0.8.7g-1+squeeze2_all.deb
Files:
 cf87ec025c898e083bc5c2258ca771a4 1443 web extra cacti_0.8.7g-1+squeeze2.dsc
 66796b45b79f2886d3173f4528e2e795 46165 web extra cacti_0.8.7g-1+squeeze2.diff.gz
 7a1b66221468ab30551ed4c2a30f4f59 2090886 web extra cacti_0.8.7g-1+squeeze2_all.deb