Register | Log in

cacti

web interface for graphing of monitoring systems

Choose email to subscribe with

general

source: cacti (main)
version: 1.2.2+ds1-1
maintainer: Cacti Maintainer (archive) [DMD]
uploaders: Paul Gevers [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8.8a+dfsg-5+deb7u8
o-o-sec: 0.8.8a+dfsg-5+deb7u10
oldstable: 0.8.8b+dfsg-8+deb8u6
old-sec: 0.8.8b+dfsg-8+deb8u4
stable: 0.8.8h+ds1-10
stable-bpo: 1.1.38+ds1-1~bpo9+1
testing: 1.2.2+ds1-1
unstable: 1.2.2+ds1-1

versioned links

0.8.8a+dfsg-5+deb7u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8a+dfsg-5+deb7u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8h+ds1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.38+ds1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cacti

action needed

lintian reports 1 error and 3 warnings high

Lintian reports 1 error and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2019-03-12 04:36

Depends on packages which need a new maintainer normal

The packages that cacti depends on which need a new maintainer are:

lighttpd (#898110)
- Recommends: lighttpd
apache2 (#910917)
- Recommends: apache2

Created: 2018-01-14 Last update: 2019-03-22 05:36

6 new commits since last upload, time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit e8b92f08c859806494b465e022acca9b80ff8c68
Author: Paul Gevers <elbrus@debian.org>
Date:   Tue Feb 26 21:48:17 2019 +0100

    Update d/changelog for release 1.2.2+ds1-1

commit 8aaf59e441b071347c697aeef278a9b30d011266
Merge: adb1992 9458192
Author: Paul Gevers <elbrus@debian.org>
Date:   Tue Feb 26 21:04:50 2019 +0100

    Update upstream source from tag 'upstream/1.2.2+ds1'
    
    Update to upstream version '1.2.2+ds1'
    with Debian dir 594aa27f12533f0313d5a15b076c1692580be007

commit 945819215d069d472304e2795a3af2e527ca7c5f
Author: Paul Gevers <elbrus@debian.org>
Date:   Tue Feb 26 21:04:02 2019 +0100

    New upstream version 1.2.2+ds1

commit adb1992e2c943daedad9de44a8de74110168469a
Author: Paul Gevers <elbrus@debian.org>
Date:   Wed Feb 20 22:11:59 2019 +0100

    Fix typo in debian.php.dist
    
    Closes: #922651

commit 7b6eec863010bb967a33abfded5eccc17c68424e
Author: Paul Gevers <elbrus@debian.org>
Date:   Wed Feb 20 21:36:44 2019 +0100

    Move to fonts-fork-awesome
    
    Closes: #922779

commit 747614461c55b390a4b1bf53601558b9a2ac1bdc
Author: Paul Gevers <elbrus@debian.org>
Date:   Wed Feb 20 21:21:33 2019 +0100

    tests: add one more Ubuntu case
    
    Closes: #922437

Created: 2019-02-27 Last update: 2019-03-21 05:30

7 ignored security issues in stretch low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

Please fix them.

Created: 2017-11-08 Last update: 2019-03-10 05:57

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

Please fix them.

Created: 2017-07-19 Last update: 2019-03-10 05:57

news

[2019-03-10] cacti 1.2.2+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-02-27] Accepted cacti 1.2.2+ds1-1 (source) into unstable (Paul Gevers)
[2019-02-25] cacti 1.2.1+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-02-14] Accepted cacti 1.2.1+ds1-2 (source) into unstable (Paul Gevers)
[2019-02-02] cacti 1.2.1+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted cacti 1.2.1+ds1-1 (source) into unstable (Paul Gevers)
[2018-12-30] cacti 1.1.38+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-12-27] Accepted cacti 1.1.38+ds1-2 (source) into unstable (Paul Gevers)
[2018-12-02] Accepted cacti 1.2.0~beta4+ds1-1 (source) into experimental (Paul Gevers)
[2018-10-28] Accepted cacti 1.2.0~beta2+ds1-1 (source) into experimental (Paul Gevers)
[2018-04-26] Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-04-23] cacti 1.1.38+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cacti 1.1.38+ds1-1 (source) into unstable (Paul Gevers)
[2018-04-18] cacti 1.1.37+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-12] Accepted cacti 1.1.37+ds1-1 (source) into unstable (Paul Gevers)
[2018-03-12] Accepted cacti 1.1.36+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-03-06] cacti 1.1.36+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted cacti 1.1.36+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-19] Accepted cacti 1.1.35+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-19] cacti 1.1.35+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted cacti 1.1.35+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-12] Accepted cacti 1.1.34+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-12] cacti 1.1.34+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-06] Accepted cacti 1.1.34+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-23] cacti 1.1.31+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-17] Accepted cacti 1.1.31+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-12] Accepted cacti 1.1.30+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-01-11] cacti 1.1.30+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-01-05] Accepted cacti 1.1.30+ds1-1 (source) into unstable (Paul Gevers)
[2018-01-02] cacti 1.1.29+ds1-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 3 5
RC: 0
I&N: 3 5
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 3)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.2+ds1-1
2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing