[ubuntu/focal-proposed] cacti 1.2.9+ds1-1ubuntu1 (Accepted)

Rafael David Tinoco rafaeldtinoco at ubuntu.com
Wed Feb 19 11:37:14 UTC 2020


cacti (1.2.9+ds1-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable (LP: #1863739). Remaining changes:
    - General installing instructions update for NO_AUTO_CREATE_USER.
    - Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
  * Dropped changes [upstream]:
    - MySQL 8 change needs: NO_AUTO_CREATE_USER and grouping keyword.
  * Dropped changes [debian]:
    - Replace php-php-gettext dependency in order to fix translations
      (LP #1844070)

cacti (1.2.9+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php,
    color_templates_item.php, graphs.php, graph_items.php,
    lib/api_automation.php, user_admin.php, and user_group_admin.php, as
    demonstrated by the description parameter in data_sources.php (Closes:
    #949997)

cacti (1.2.8+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializing data, ensure basic sanitization
    has been performed (Closes: #947375)

cacti (1.2.7+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.7+ds1
    CVE-2019-16723 Security issue allows to view all graphs (Closes:
    #941036)
  * Refresh and drop patches to match upstream

cacti (1.2.6+ds1-3) unstable; urgency=medium

  * Add 0001-Resolving-Issue-2984.patch to fix CI error

cacti (1.2.6+ds1-2) unstable; urgency=medium

  [ Paul Gevers ]
  * Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
    upstream
  * Apache skipped the php section in apache.conf since PHP 7 (Closes:
    #934898)
  * Translations were broken since 1.2.4+ds1-1. Import upstream solution
    enabling the use of php-phpmyadmin-motranslator.

  [ Rafael David Tinoco ]
  * Prepare sql commands for MySQL 8 (See: #933683)

Date: Tue, 18 Feb 2020 13:28:26 +0000
Changed-By: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/cacti/1.2.9+ds1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 Feb 2020 13:28:26 +0000
Source: cacti
Architecture: source
Version: 1.2.9+ds1-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Closes: 934898 941036 947374 947375 949996 949997
Launchpad-Bugs-Fixed: 1863739
Original-Maintainer: Cacti Maintainer <pkg-cacti-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

