Accepted: cacti, cacti, cacti_0.8.6h-3ubuntu0.3_i386_translations.tar.gz 0.8.6h-3ubuntu0.3 (source, i386, raw-translations)
Ubuntu Installer
archive at ubuntu.com
Fri Feb 22 02:55:24 GMT 2008
- Previous message: Accepted: pcre3, pcre3, pcre3, pcre3, pcre3, pcre3 7.4-0ubuntu0.6.10.2 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: lighttpd, lighttpd, lighttpd, lighttpd, lighttpd 1.4.13~r1370-1ubuntu1.4 (source, amd64, i386, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Accepted:
OK: cacti_0.8.6h.orig.tar.gz
OK: cacti_0.8.6h-3ubuntu0.3.diff.gz
OK: cacti_0.8.6h-3ubuntu0.3.dsc
-> Component: universe Section: web
OK: cacti_0.8.6h-3ubuntu0.3_all.deb
OK: cacti_0.8.6h-3ubuntu0.3_i386_translations.tar.gz
Format: 1.7
Date: Sun, 17 Feb 2008 21:41:59 +0100
Source: cacti
Binary: cacti
Architecture: i386_translations all source
Version: 0.8.6h-3ubuntu0.3
Distribution: edgy-security
Urgency: low
Maintainer: sean finney <seanius at debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Changes:
cacti (0.8.6h-3ubuntu0.3) edgy-security; urgency=low
.
* SECURITY UPDATE: (LP: #192199)
+ CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
inject arbitrary web script or HTML via the (1) view_type parameter to
graph.php, (2) filter parameter to graph_view.php, and (3) action and
login_username parameters to index.php/login.
+ CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
0.8.6k allows remote attackers to obtain the full path via an invalid
local_graph_id parameter and other unspecified vectors.
* debian/patches/11_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
upstream. (backported from 0.8.6j)
(Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
* References:
CVE-2008-0783
CVE-2008-0784
Files:
ac6bde9e5cda87d6358e843de78e9d5f 924410 web extra cacti_0.8.6h-3ubuntu0.3_all.deb
6ce3a1ce5fc9a97967b0dec4b08c2cc9 12733 raw-translations - cacti_0.8.6h-3ubuntu0.3_i386_translations.tar.gz
d92ebfbdd9b71b435ada07e3e0706408 601 web extra cacti_0.8.6h-3ubuntu0.3.dsc
e604cf4e64d06666d28acbef2de4ba87 38442 web extra cacti_0.8.6h-3ubuntu0.3.diff.gz
- Previous message: Accepted: pcre3, pcre3, pcre3, pcre3, pcre3, pcre3 7.4-0ubuntu0.6.10.2 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: lighttpd, lighttpd, lighttpd, lighttpd, lighttpd 1.4.13~r1370-1ubuntu1.4 (source, amd64, i386, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the edgy-changes
mailing list