Debian Package Tracker

From: Paul Gevers <elbrus@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted cacti 0.8.8a+dfsg-5+deb7u5 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Sat, 27 Jun 2015 10:48:05 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Jun 2015 20:55:59 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.8a+dfsg-5+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description: 
 cacti      - web interface for graphing of monitoring systems
Changes: 
 cacti (0.8.8a+dfsg-5+deb7u5) wheezy-security; urgency=high
 .
   * Security update
     - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
       before 0.8.8d allows remote attackers to inject arbitrary web script
       or HTML via unspecified vectors.
     - CVE-2015-4342 SQL Injection and Location header injection from cdef
       id
     - CVE-2015-4454 SQL injection vulnerability in the
       get_hash_graph_template function in lib/functions.php in Cacti before
       0.8.8d allows remote attackers to execute arbitrary SQL commands via
       the graph_template_id parameter to graph_templates.php.
     - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
Checksums-Sha1: 
 e3e4ba2de0f8131b9cce39e6727ff2206cc24e00 1666 cacti_0.8.8a+dfsg-5+deb7u5.dsc
 5339a9ef3ac40bfa0c7103453408be257a403d5d 125708 cacti_0.8.8a+dfsg-5+deb7u5.debian.tar.gz
 cba0e3b3e47e1772106fd81a5b1844be43bcedc9 2152504 cacti_0.8.8a+dfsg-5+deb7u5_all.deb
Checksums-Sha256: 
 989e064f2f2936e81c85d2da7d90d6898d323e5d3b36c048696d0adb00b40b60 1666 cacti_0.8.8a+dfsg-5+deb7u5.dsc
 ba954ad904a437dded38b9694d4d898c855ee7d8f5c6a526b394a4ce35d6f7c8 125708 cacti_0.8.8a+dfsg-5+deb7u5.debian.tar.gz
 3727bdba8ec92e1db6be92fdb8cb62e9c5b90047e591e825b6a715ca50b7efb1 2152504 cacti_0.8.8a+dfsg-5+deb7u5_all.deb
Files: 
 6bf966c7cf1017936abea922b95e25b9 1666 web extra cacti_0.8.8a+dfsg-5+deb7u5.dsc
 3ce0aa696829648a500e89a6806431f8 125708 web extra cacti_0.8.8a+dfsg-5+deb7u5.debian.tar.gz
 b3c8e007ad648b524530967654e522d6 2152504 web extra cacti_0.8.8a+dfsg-5+deb7u5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVia7yAAoJEJxcmesFvXUK1rUH/1UwcBLavH13TusakW2usKUH
VhH8zmM1y415HEHlmh/te9IR1X0n2wQT2ZgYlgBQtloFwWwtGz/fgVSoPukLQTb0
kR9PLDVHvrcsSxd08TKw1nKb70dgx2prHsSf4yW8ZYlqS60zjKYfCE8lNM4A0uDy
G9/RjMfOXE3EX4ENcJaxWdrWgMQkDW02Va/mYotIW2CRtuhNc8yWonXETXN0KrX4
TOuwSeJ1KLsDHOMWqDe6uhSyjTLFA1r/fyo1yBjuMb1Xmy4k4V+yJ9RNdZ9euyKt
Vwai4rOLkjd9EavQgQlV8zuXdmKf9IKj/lm+21rXXy9r2WEbSZwqGkH4eaBmUUA=
=CMDI
-----END PGP SIGNATURE-----

News for package cacti