Register | Log in

cacti

web interface for graphing of monitoring systems

Choose email to subscribe with

general

source: cacti (main)
version: 1.2.2+ds1-2
maintainer: Cacti Maintainer (archive) [DMD]
uploaders: Paul Gevers [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.8.8b+dfsg-8+deb8u6
old-sec: 0.8.8b+dfsg-8+deb8u7
stable: 0.8.8h+ds1-10
testing: 1.2.2+ds1-2
unstable: 1.2.2+ds1-2

versioned links

0.8.8b+dfsg-8+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8h+ds1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cacti

action needed

A new upstream version is available: 1.2.3 high

A new upstream version 1.2.3 is available, you should consider packaging it.

Created: 2019-04-01 Last update: 2019-05-25 06:09

lintian reports 1 error and 3 warnings high

Lintian reports 1 error and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2019-03-12 04:36

Depends on packages which need a new maintainer normal

The packages that cacti depends on which need a new maintainer are:

lighttpd (#898110)
- Recommends: lighttpd
apache2 (#910917)
- Recommends: apache2

Created: 2018-01-14 Last update: 2019-05-25 06:08

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2019-11025: In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Please fix them.

Created: 2017-11-08 Last update: 2019-04-16 17:12

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Please fix them.

Created: 2017-07-19 Last update: 2019-04-16 17:12

news

[2019-04-16] Accepted cacti 0.8.8b+dfsg-8+deb8u7 (source all) into oldstable (Chris Lamb)
[2019-04-13] cacti 1.2.2+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-04-11] Accepted cacti 1.2.2+ds1-2 (source) into unstable (Paul Gevers) (signed by: Graham Inggs)
[2019-03-10] cacti 1.2.2+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-02-27] Accepted cacti 1.2.2+ds1-1 (source) into unstable (Paul Gevers)
[2019-02-25] cacti 1.2.1+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-02-14] Accepted cacti 1.2.1+ds1-2 (source) into unstable (Paul Gevers)
[2019-02-02] cacti 1.2.1+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted cacti 1.2.1+ds1-1 (source) into unstable (Paul Gevers)
[2018-12-30] cacti 1.1.38+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-12-27] Accepted cacti 1.1.38+ds1-2 (source) into unstable (Paul Gevers)
[2018-12-02] Accepted cacti 1.2.0~beta4+ds1-1 (source) into experimental (Paul Gevers)
[2018-10-28] Accepted cacti 1.2.0~beta2+ds1-1 (source) into experimental (Paul Gevers)
[2018-04-26] Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-04-23] cacti 1.1.38+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cacti 1.1.38+ds1-1 (source) into unstable (Paul Gevers)
[2018-04-18] cacti 1.1.37+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-12] Accepted cacti 1.1.37+ds1-1 (source) into unstable (Paul Gevers)
[2018-03-12] Accepted cacti 1.1.36+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-03-06] cacti 1.1.36+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted cacti 1.1.36+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-19] Accepted cacti 1.1.35+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-19] cacti 1.1.35+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted cacti 1.1.35+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-12] Accepted cacti 1.1.34+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-12] cacti 1.1.34+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-06] Accepted cacti 1.1.34+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-23] cacti 1.1.31+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-17] Accepted cacti 1.1.31+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-12] Accepted cacti 1.1.30+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)

1
2

bugs [bug history graph]

all: 4 6
RC: 0
I&N: 4 6
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 3)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.2+ds1-2
2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing