Please backport cacti security fixes
Bug #1210822 reported by Jeremy Stanley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cacti (Ubuntu) | Fix Released | Medium | Unassigned |
Precise | Won't Fix | Medium | Unassigned |
Trusty | Fix Released | Medium | Steve Beattie |
Utopic | Fix Released | Medium | Steve Beattie |
Vivid | Fix Released | Medium | Steve Beattie |
Bug Description
The cacti source in Debian/sid as of today now addresses CVE-2013-1434 and CVE-2013-1435.
information type: Private Security → Public Security
tags: added: patch
summary:
- Please import 0.8.8b+dfsg-2 from Debian and backport security fixes to 12.04 LTS
+ Please backport security fixes to 12.04 LTS
summary:
- Please backport security fixes to 12.04 LTS
+ Please backport cacti security fixes
Changed in cacti (Ubuntu Vivid):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in cacti (Ubuntu Utopic):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in cacti (Ubuntu Trusty):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in cacti (Ubuntu Precise):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in cacti (Ubuntu):
importance: Undecided → Medium
Changed in cacti (Ubuntu Precise):
importance: Undecided → Medium
Changed in cacti (Ubuntu Utopic):
importance: Undecided → Medium
Changed in cacti (Ubuntu Trusty):
importance: Undecided → Medium
Changed in cacti (Ubuntu Vivid):
importance: Undecided → Medium
Changed in cacti (Ubuntu):
status: Confirmed → Fix Released
Changed in cacti (Ubuntu Precise):
status: In Progress → Triaged
This bug was fixed in the package cacti - 0.8.8b+dfsg-2
---------------
cacti (0.8.8b+dfsg-2) unstable; urgency=low
  * CVE-2013-1435 fix cause a regression in the handling of empty COMMENT
    lines in the rrd legend. Fixed by upstream:
    fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
  * Update jquery stylesheet to provide the cacti background color
 -- Paul Gevers <email address hidden> Fri, 09 Aug 2013 22:34:26 +0200

cacti (0.8.8b+dfsg-1) unstable; urgency=low
  * New upstream release
    - Fixes SQL or command line injection via snmp settings or
      graph creation or edition that allows privileged users to execute
      arbitrary SQL commands or command line commands. CVE-2013-1434 and
      CVE-2013-1435
    - poller_cache_rebuild_on_install.patch included
  * Add d/rules get-orig-source target and accompanying script
  * Update japanese translation, thank victory (Closes: #717203)
  * Update vcs-* fields (thanks lintian)
  * Update standards (no changes needed)
  * Update years and my address in d/copyright
  * Allow any php5 SAPI provider to satify cacti dependency, thanks
    Ondřej Surý (php5 maintainer). Thus reverting the solution to bug
    #654843 as the original report was not a bug but a reporter mistake.
    libapache2-mod-fcgid does not provide php5 SAPI.
 -- Paul Gevers <email address hidden> Wed, 07 Aug 2013 20:46:58 +0200