Accepted: cacti, cacti, cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz 0.8.6h-3ubuntu0.2 (source, i386, raw-translations)

Ubuntu Installer archive at ubuntu.com
Tue Jan 29 19:56:07 GMT 2008


Accepted:
 OK: cacti_0.8.6h.orig.tar.gz
 OK: cacti_0.8.6h-3ubuntu0.2.diff.gz
 OK: cacti_0.8.6h-3ubuntu0.2.dsc
     -> Component: universe Section: web
 OK: cacti_0.8.6h-3ubuntu0.2_all.deb
 OK: cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz

Format: 1.7
Date: Thu, 06 Dec 2007 10:37:01 +0100
Source: cacti
Binary: cacti
Architecture: i386_translations all source
Version: 0.8.6h-3ubuntu0.2
Distribution: edgy-security
Urgency: low
Maintainer: sean finney <seanius at debian.org>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
 cacti      - Frontend to rrdtool for monitoring systems and services
Changes:
 cacti (0.8.6h-3ubuntu0.2) edgy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #164072)
     + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
       remote attackers to execute arbitrary SQL commands via unspecified
       vectors.
     + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
       authenticated users to cause a denial of service (CPU consumption) via a large
       value of the (1) graph_start or (2) graph_end parameter.
     + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
       authenticated users to cause a denial of service (CPU consumption) via a large
       value of the (1) graph_height or (2) graph_width parameter.
   * debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
     (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
   * debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
     - Applied patch by upstream
     - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
   * References:
     CVE-2007-6035
     CVE-2007-3112
     CVE-2007-3113
Files:
 6788de6352c72a67b40f9a40d30646cd 923660 web extra cacti_0.8.6h-3ubuntu0.2_all.deb
 fe146d929bcdde3a769ff8ac3f0eb8cd 12663 raw-translations - cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz
 6ecd145bcab15d7be2ac2dfbc44497d1 601 web extra cacti_0.8.6h-3ubuntu0.2.dsc
 77481f2d61f3795f2ef3ac3b76acbe1c 35721 web extra cacti_0.8.6h-3ubuntu0.2.diff.gz




