Debian Package Tracker

general

source: cacti (main)
version: 1.1.38+ds1-1
maintainer: Cacti Maintainer (archive) [DMD]
uploaders: Paul Gevers [DMD]
arch: all
std-ver: 4.1.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8.8a+dfsg-5+deb7u8
o-o-sec: 0.8.8a+dfsg-5+deb7u10
oldstable: 0.8.8b+dfsg-8+deb8u6
old-sec: 0.8.8b+dfsg-8+deb8u4
stable: 0.8.8h+ds1-10
stable-bpo: 1.1.38+ds1-1~bpo9+1
testing: 1.1.38+ds1-1
unstable: 1.1.38+ds1-1

versioned links

0.8.8a+dfsg-5+deb7u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8a+dfsg-5+deb7u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8h+ds1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.38+ds1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.38+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cacti

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watchfile debian/watch, reading webpage
  http://www.cacti.net/downloads/ failed: 500 read timeout

Created: 2018-10-14 Last update: 2018-10-19 10:25

lintian reports 1 error and 4 warnings high

Lintian reports 1 error and 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2018-09-08 07:31

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2018-10-19 11:10

Depends on packages which need a new maintainer normal

The packages that cacti depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2
lighttpd (#898110)
- Recommends: lighttpd

Created: 2018-01-14 Last update: 2018-10-19 10:29

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

Please fix them.

Created: 2017-07-19 Last update: 2018-10-11 08:01

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

Please fix them.

Created: 2017-11-08 Last update: 2018-10-11 08:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.2).

Created: 2017-12-28 Last update: 2018-08-26 08:17

news

[rss feed]

[2018-04-26] Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-04-23] cacti 1.1.38+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cacti 1.1.38+ds1-1 (source) into unstable (Paul Gevers)
[2018-04-18] cacti 1.1.37+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-12] Accepted cacti 1.1.37+ds1-1 (source) into unstable (Paul Gevers)
[2018-03-12] Accepted cacti 1.1.36+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-03-06] cacti 1.1.36+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted cacti 1.1.36+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-19] Accepted cacti 1.1.35+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-19] cacti 1.1.35+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted cacti 1.1.35+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-12] Accepted cacti 1.1.34+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-12] cacti 1.1.34+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-06] Accepted cacti 1.1.34+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-23] cacti 1.1.31+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-17] Accepted cacti 1.1.31+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-12] Accepted cacti 1.1.30+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-01-11] cacti 1.1.30+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-05] Accepted cacti 1.1.30+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-02] cacti 1.1.29+ds1-1 MIGRATED to testing (Debian testing watch)
[2017-12-27] Accepted cacti 1.1.29+ds1-1 (source) into unstable (Paul Gevers)
[2017-12-27] cacti 1.1.28+ds1-3 MIGRATED to testing (Debian testing watch)
[2017-12-21] Accepted cacti 1.1.28+ds1-3 (source) into unstable (Paul Gevers)
[2017-11-29] Accepted cacti 1.1.28+ds1-2~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2017-11-29] cacti 1.1.28+ds1-2 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted cacti 1.1.28+ds1-2 (source) into unstable (Paul Gevers)
[2017-11-20] Accepted cacti 1.1.28+ds1-1 (source) into unstable (Paul Gevers)
[2017-11-20] Accepted cacti 1.1.27+ds1-3~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2017-11-20] cacti 1.1.27+ds1-3 MIGRATED to testing (Debian testing watch)
[2017-11-14] Accepted cacti 1.1.27+ds1-3 (source) into unstable (Paul Gevers)

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (1, 4)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.1.38+ds1-1ubuntu1
2 bugs
patches for 1.1.38+ds1-1ubuntu1