Accepted: cacti, cacti, cacti_0.8.6i-3ubuntu0.1_i386_translations.tar.gz 0.8.6i-3ubuntu0.1 (source, i386, raw-translations)
Ubuntu Installer
archive at ubuntu.com
Tue Jan 29 19:56:14 GMT 2008
Accepted:
OK: cacti_0.8.6i.orig.tar.gz
OK: cacti_0.8.6i-3ubuntu0.1.diff.gz
OK: cacti_0.8.6i-3ubuntu0.1.dsc
-> Component: universe Section: web
OK: cacti_0.8.6i-3ubuntu0.1_all.deb
OK: cacti_0.8.6i-3ubuntu0.1_i386_translations.tar.gz
Format: 1.7
Date: Tue, 20 Nov 2007 15:57:18 +0100
Source: cacti
Binary: cacti
Architecture: i386_translations all source
Version: 0.8.6i-3ubuntu0.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stephan Hermann <sh at sourcecode.de>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Changes:
cacti (0.8.6i-3ubuntu0.1) feisty-security; urgency=low
.
* SECURITY UPDATE: (LP: #164072)
  + CVE-2007-6035: SQL injection vulnerability in Cacti before 0.8.7a allows
    remote attackers to execute arbitrary SQL commands via unspecified
    vectors.
  + CVE-2007-3112: Cacti 0.8.6i, and possibly other versions, allows remote
    authenticated users to cause a denial of service (CPU consumption) via a large
    value of the (1) graph_start or (2) graph_end parameter.
  + CVE-2007-3113: Cacti 0.8.6i, and possibly other versions, allows remote
    authenticated users to cause a denial of service (CPU consumption) via a large
    value of the (1) graph_height or (2) graph_width parameter.
* debian/patches/10_CVE-2007-6035.dpatch: applied patch by upstream
  (Link: http://www.cacti.net/downloads/patches/0.8.6j/sec_sql_injection-0.8.6j.patch)
* debian/patches/10_CVE-2007-3112+CVE-2007-3113.dpatch:
  - Applied patch by upstream
  - Link: http://svn.cacti.net/cgi-bin/viewvc.cgi/cacti/branches/0.8.7/graph_image.php?r1=3898&r2=3956&view=patch
* References:
  CVE-2007-6035
  CVE-2007-3112
  CVE-2007-3113
Files:
c00aa7e52350d51297f0fab441f751bb 955948 web extra cacti_0.8.6i-3ubuntu0.1_all.deb
27ce53fcdac64899b64a8a2c109a75ba 12642 raw-translations - cacti_0.8.6i-3ubuntu0.1_i386_translations.tar.gz
2685590894ed78cec52e472bd2de2659 670 web extra cacti_0.8.6i-3ubuntu0.1.dsc
148523b9897b03cd8a82662d9b5f5372 35174 web extra cacti_0.8.6i-3ubuntu0.1.diff.gz
Launchpad-Bugs-Fixed: 164072
Original-Maintainer: sean finney <seanius at debian.org>