Debian Package Tracker

general

source: cacti (main)
version: 1.2.6+ds1-1
maintainer: Cacti Maintainer (archive) (DMD)
uploaders: Paul Gevers [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.8.8b+dfsg-8+deb8u6
o-o-sec: 0.8.8b+dfsg-8+deb8u7
oldstable: 0.8.8h+ds1-10
stable: 1.2.2+ds1-2+deb10u1
testing: 1.2.4+ds1-2
unstable: 1.2.6+ds1-1

versioned links

0.8.8b+dfsg-8+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8b+dfsg-8+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.8.8h+ds1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.2+ds1-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.4+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cacti (8 bugs: 0, 8, 0, 0)

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0h 15m 19s
Last run: 2019-09-15 14:46:59
Previous status: fail

testing: fail (log)
The tests ran in 0h 15m 21s
Last run: 2019-09-15 10:35:15
Previous status: pass

stable: pass (log)
The tests ran in 0h 8m 8s
Last run: 2019-08-29 12:06:07
Previous status: pass

Created: 2019-09-08 Last update: 2019-09-15 23:45

lintian reports 8 warnings high

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2019-07-16 07:41

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-09-14 Last update: 2019-09-16 00:09

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-08-01 Last update: 2019-09-16 00:00

Depends on packages which need a new maintainer normal

The packages that cacti depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2
lighttpd (#898110)
- Recommends: lighttpd

Created: 2018-01-14 Last update: 2019-09-15 21:18

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

Please fix them.

Created: 2017-07-19 Last update: 2019-09-09 07:58

8 ignored security issues in stretch low

There are 8 open security issues in stretch.

8 issues skipped by the security teams:

CVE-2018-20726: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-20724: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20725: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-20723: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-10060: Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061: Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2019-11025: In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVE-2017-16641: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.

Please fix them.

Created: 2017-11-08 Last update: 2019-09-09 07:58

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-09-09 08:49

testing migrations

excuses:
- Migration status for cacti (1.2.4+ds1-2 to 1.2.6+ds1-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- autopkgtest for cacti/1.2.6+ds1-1: amd64: Regression ♻
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/c/cacti.html
- 7 days old (needed 5 days)
- Not considered

news

[rss feed]

[2019-09-08] Accepted cacti 1.2.6+ds1-1 (source) into unstable (Paul Gevers)
[2019-07-30] Accepted cacti 1.2.2+ds1-2+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Paul Gevers)
[2019-07-18] cacti 1.2.4+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-07-15] Accepted cacti 1.2.4+ds1-2 (source) into unstable (Paul Gevers)
[2019-07-15] Accepted cacti 1.2.4+ds1-1 (source) into unstable (Paul Gevers)
[2019-04-16] Accepted cacti 0.8.8b+dfsg-8+deb8u7 (source all) into oldstable (Chris Lamb)
[2019-04-13] cacti 1.2.2+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-04-11] Accepted cacti 1.2.2+ds1-2 (source) into unstable (Paul Gevers) (signed by: Graham Inggs)
[2019-03-10] cacti 1.2.2+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-02-27] Accepted cacti 1.2.2+ds1-1 (source) into unstable (Paul Gevers)
[2019-02-25] cacti 1.2.1+ds1-2 MIGRATED to testing (Debian testing watch)
[2019-02-14] Accepted cacti 1.2.1+ds1-2 (source) into unstable (Paul Gevers)
[2019-02-02] cacti 1.2.1+ds1-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted cacti 1.2.1+ds1-1 (source) into unstable (Paul Gevers)
[2018-12-30] cacti 1.1.38+ds1-2 MIGRATED to testing (Debian testing watch)
[2018-12-27] Accepted cacti 1.1.38+ds1-2 (source) into unstable (Paul Gevers)
[2018-12-02] Accepted cacti 1.2.0~beta4+ds1-1 (source) into experimental (Paul Gevers)
[2018-10-28] Accepted cacti 1.2.0~beta2+ds1-1 (source) into experimental (Paul Gevers)
[2018-04-26] Accepted cacti 1.1.38+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-04-23] cacti 1.1.38+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-18] Accepted cacti 1.1.38+ds1-1 (source) into unstable (Paul Gevers)
[2018-04-18] cacti 1.1.37+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-04-12] Accepted cacti 1.1.37+ds1-1 (source) into unstable (Paul Gevers)
[2018-03-12] Accepted cacti 1.1.36+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-03-06] cacti 1.1.36+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-28] Accepted cacti 1.1.36+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-19] Accepted cacti 1.1.35+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)
[2018-02-19] cacti 1.1.35+ds1-1 MIGRATED to testing (Debian testing watch)
[2018-02-13] Accepted cacti 1.1.35+ds1-1 (source) into unstable (Paul Gevers)
[2018-02-12] Accepted cacti 1.1.34+ds1-1~bpo9+1 (source) into stretch-backports (Paul Gevers)

bugs [bug history graph]

all: 6 8
RC: 0
I&N: 6 8
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.4+ds1-2ubuntu2
2 bugs
patches for 1.2.4+ds1-2ubuntu2