[ubuntu/noble-updates] cacti 1.2.26+ds1-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Aug 20 12:58:12 UTC 2024
cacti (1.2.26+ds1-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: remote code execution issue
- debian/patches/CVE-2024-25641.patch: fix RCE exploitable through the
"Package Import" feature
- debian/patches/CVE-2024-31459.patch: fix file inclusion issue in the
lib/plugin.php
- CVE-2024-25641
- CVE-2024-31459
* SECURITY UPDATE: cross-site scripting issue
- debian/patches/CVE-2024-29894-1.patch: fix `raise_message_javascript`
from `lib/functions.php`
- debian/patches/CVE-2024-29894-2.patch: remaining fix
`raise_message_javascript` from `lib/functions.php`
- debian/patches/CVE-2024-31443.patch: fix HTML statement in
`grow_right_pane_tree()` function from `lib/html.php`
- debian/patches/CVE-2024-31444.patch: fix
automation_tree_rules_form_save() function in automation_tree_rules.php
- CVE-2024-29894
- CVE-2024-31443
- CVE-2024-31444
* SECURITY UPDATE: sql injection issue
- debian/patches/CVE-2024-31445.patch: fix `automation_get_new_graphs_sql`
function of `api_automation.php`
- debian/patches/CVE-2024-31458.patch: fix `form_save()` function in
`graph_template_inputs.php`
- debian/patches/CVE-2024-31460.patch: fix `create_all_header_nodes()`
function from `lib/api_automation.php`
- CVE-2024-31445
- CVE-2024-31458
- CVE-2024-31460
* SECURITY UPDATE: type juggling issue
- debian/patches/CVE-2024-34340.patch: fix issue in `compat_password_verify`
method
- CVE-2024-34340
* debian/tests/check-all-pages: update filtered log for
/var/log/cacti/cacti.log test
Date: 2024-08-20 06:15:09.874360+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/cacti/1.2.26+ds1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list