Accepted: cacti, cacti, cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz 0.8.6h-3ubuntu0.2 (source, i386, raw-translations)
Ubuntu Installer
archive at ubuntu.com
Tue Jan 29 19:56:07 GMT 2008
Accepted:
OK: cacti_0.8.6h.orig.tar.gz
OK: cacti_0.8.6h-3ubuntu0.2.diff.gz
OK: cacti_0.8.6h-3ubuntu0.2.dsc
-> Component: universe Section: web
OK: cacti_0.8.6h-3ubuntu0.2_all.deb
OK: cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz
Format: 1.7
Date: Thu, 06 Dec 2007 10:37:01 +0100
Source: cacti
Binary: cacti
Architecture: i386_translations all source
Version: 0.8.6h-3ubuntu0.2
Distribution: edgy-security
Urgency: low
Maintainer: sean finney <seanius at debian.org>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Changes:
 cacti (0.8.6h-3ubuntu0.2) edgy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #164072)
     + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
       remote attackers to execute arbitrary SQL commands via unspecified
       vectors.
     + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
       authenticated users to cause a denial of service (CPU consumption) via a large
       value of the (1) graph_start or (2) graph_end parameter.
     + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
       authenticated users to cause a denial of service (CPU consumption) via a large
       value of the (1) graph_height or (2) graph_width parameter.
   * debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
     (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
   * debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
     - Applied patch by upstream
     - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
   * References:
     CVE-2007-6035
     CVE-2007-3112
     CVE-2007-3113
Files:
6788de6352c72a67b40f9a40d30646cd 923660 web extra cacti_0.8.6h-3ubuntu0.2_all.deb
fe146d929bcdde3a769ff8ac3f0eb8cd 12663 raw-translations - cacti_0.8.6h-3ubuntu0.2_i386_translations.tar.gz
6ecd145bcab15d7be2ac2dfbc44497d1 601 web extra cacti_0.8.6h-3ubuntu0.2.dsc
77481f2d61f3795f2ef3ac3b76acbe1c 35721 web extra cacti_0.8.6h-3ubuntu0.2.diff.gz