Debian Package Tracker

From: Paul Gevers <elbrus@debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports
Date: Thu, 26 Apr 2018 12:32:59 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Apr 2018 13:25:27 +0200
Source: cacti
Binary: cacti
Architecture: source
Version: 1.1.38+ds1-1~bpo9+1
Distribution: stretch-backports
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
 cacti      - web interface for graphing of monitoring systems
Changes:
 cacti (1.1.38+ds1-1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
 .
 cacti (1.1.38+ds1-1) unstable; urgency=medium
 .
   * New upstream release 1.1.38
   * [tests] Remove mysql-server test as it isn't available in testing
 .
 cacti (1.1.37+ds1-1) unstable; urgency=medium
 .
   * New upstream release 1.1.37
   * CVE-2018-10059: (XSS) the get_current_page function in
     lib/functions.php relies on $_SERVER['PHP_SELF'] instead of
     $_SERVER['SCRIPT_NAME'] to determine a page name
   * CVE-2018-10060: (XSS) does not properly reject unintended characters,
     related to use of the sanitize_uri function in lib/functions.php
   * CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without the
     ENT_QUOTES flag
Checksums-Sha1:
 0331e0b19928ed9f8f6e68fe071553faac0a5eb9 2174 cacti_1.1.38+ds1-1~bpo9+1.dsc
 2196c87c820524b08c0a212a52fb65fad5faab24 52160 cacti_1.1.38+ds1-1~bpo9+1.debian.tar.xz
Checksums-Sha256:
 7be8c8599471eb0cfe264f85ae209d74caebcee63e63ff14ad3c7f17c9077605 2174 cacti_1.1.38+ds1-1~bpo9+1.dsc
 afe89b85c62cf4b0402dc7df144287ec38f82fecf041cdeca8240f417f56dfb1 52160 cacti_1.1.38+ds1-1~bpo9+1.debian.tar.xz
Files:
 a6a07af359eee8230745a65382d92bb3 2174 web optional cacti_1.1.38+ds1-1~bpo9+1.dsc
 e386bbb7d8921a56042343ed210fccc0 52160 web optional cacti_1.1.38+ds1-1~bpo9+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAlrht08ACgkQnFyZ6wW9
dQqzGwf9GIdMqto1l1IT34COQ5o/EzoDH0FOFO62T4DS4QAg9uhClN4BbXEWNYfF
tDH4c5HsGFK/iQyADLU2wvT9je64dk7EVO3fTq+8JGendV4Xn1/Ne5OyVvfr4OX6
3JOSahlhIJS/j5SF8bxCKXwveIGHWV3q/x/foZRshTsc0S0z/BeZQ7q3Lz0q7c4z
/vjcQ1Z3t3t5gmcZIX54uxTejOtAgc5aFDEsyhw4FGHQp2AOZKusmCWyy49feOZe
Nfd9Lyx3usncSGXmlWBj6vkxAMa/Wcc19A4WcOTRtnLnL9TPNQyFgOv88vtSxFDA
6Ep5klBsnUyTYDd0ld6G1Bc1ajgEwA==
=6aI9
-----END PGP SIGNATURE-----
News for package cacti
