Format: 1.8
Date: Thu, 12 Apr 2018 17:43:13 +0200
Source: cacti
Binary: cacti
Architecture: source
Version: 1.1.37+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
 cacti - web interface for graphing of monitoring systems
Changes:
 cacti (1.1.37+ds1-1) unstable; urgency=medium
 .
   * New upstream release 1.1.37
   * CVE-2018-10059: (XSS) the get_current_page function in
     lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
     $_SERVER['SCRIPT_NAME'] to determine a page name
   * CVE-2018-10060: (XSS) does not properly reject unintended characters,
     related to use of the sanitize_uri function in lib/functions.php
   * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
     ENT_QUOTES flag