Register | Log in

cacti

web interface for graphing of monitoring systems

Choose email to subscribe with

general

source: cacti (main)
version: 1.2.1+ds1-2
maintainer: Cacti Maintainer (archive) [DMD]
uploaders: Paul Gevers [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8.8a+dfsg-5+deb7u8
o-o-sec: 0.8.8a+dfsg-5+deb7u10
oldstable: 0.8.8b+dfsg-8+deb8u6
old-sec: 0.8.8b+dfsg-8+deb8u4
stable: 0.8.8h+ds1-10
stable-bpo: 1.1.38+ds1-1~bpo9+1
testing: 1.2.1+ds1-1
unstable: 1.2.1+ds1-2

versioned links

0.8.8a+dfsg-5+deb7u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8a+dfsg-5+deb7u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8h+ds1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.38+ds1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.1+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.1+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cacti

action needed

lintian reports 1 error and 12 warnings high

Lintian reports 1 error and 12 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2019-01-16 09:08

Depends on packages which need a new maintainer normal

The packages that cacti depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2
lighttpd (#898110)
- Recommends: lighttpd

Created: 2018-01-14 Last update: 2019-02-18 04:31

7 ignored security issues in stretch low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Please fix them.

Created: 2017-11-08 Last update: 2019-02-15 23:44

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

Please fix them.

Created: 2017-07-19 Last update: 2019-02-15 23:44

testing migrations

excuses:
- Too young, only 3 of 10 days old
- Piuparts tested OK - https://piuparts.debian.org/sid/source/c/cacti.html
- Required age reduced by 0 days because of autopkgtest
- Checking build-dependency on amd64
- Not considered

news

[2019-02-14] Accepted cacti 1.2.1+ds1-2 (source) into unstable (Paul Gevers)
[2019-02-02] cacti 1.2.1+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted cacti 1.2.1+ds1-1 (source) into unstable (Paul Gevers)
[2018-12-30] cacti 1.1.38+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-12-27] Accepted cacti 1.1.38+ds1-2 (source) into unstable (Paul Gevers)
[2018-12-02] Accepted cacti 1.2.0~beta4+ds1-1 (source) into experimental (Paul Gevers)
[2018-10-28] Accepted cacti 1.2.0~beta2+ds1-1 (source) into experimental (Paul Gevers)
[2018-04-26] Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-04-23] cacti 1.1.38+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cacti 1.1.38+ds1-1 (source) into unstable (Paul Gevers)
[2018-04-18] cacti 1.1.37+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-12] Accepted cacti 1.1.37+ds1-1 (source) into unstable (Paul Gevers)
[2018-03-12] Accepted cacti 1.1.36+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-03-06] cacti 1.1.36+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted cacti 1.1.36+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-19] Accepted cacti 1.1.35+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-19] cacti 1.1.35+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted cacti 1.1.35+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-12] Accepted cacti 1.1.34+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-12] cacti 1.1.34+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-06] Accepted cacti 1.1.34+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-23] cacti 1.1.31+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-17] Accepted cacti 1.1.31+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-12] Accepted cacti 1.1.30+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-01-11] cacti 1.1.30+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-05] Accepted cacti 1.1.30+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-02] cacti 1.1.29+ds1-1 MIGRATED to testing (Debian testing watch)
[2017-12-27] Accepted cacti 1.1.29+ds1-1 (source) into unstable (Paul Gevers)
[2017-12-27] cacti 1.1.28+ds1-3 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted cacti 1.1.28+ds1-3 (source) into unstable (Paul Gevers)

1
2

bugs [bug history graph]

all: 4 6
RC: 0
I&N: 3 5
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian (1, 12)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.1+ds1-1ubuntu1
2 bugs
patches for 1.2.1+ds1-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing