Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2023-12-25 19:06:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new.28375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti" Mon Dec 25 19:06:05 2023 rev:48 rq:1134986 version:1.2.26 Changes: -------- --- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2023-09-07 21:14:05.660208005 +0200 +++ /work/SRC/openSUSE:Factory/.cacti.new.28375/cacti.changes 2023-12-25 19:06:20.743771334 +0100 @@ -1,0 +2,48 @@ +Sun Dec 24 13:03:26 UTC 2023 - Andreas Stieger <[email protected]> + +- cacti 1.2.26: + * CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380) + * CVE-2023-49084: RCE vulnerability when managing links (boo#1218360) + * CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378) + * CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366) + * CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379) + * CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381) + * When viewing data sources, an undefined variable error may be seen + * Improvements for Poller Last Run Date + * Attempting to edit a Data Query that does not exist throws warnings and not an GUI error + * Improve PHP 8.1 support when adding devices + * Viewing Data Query Cache can cause errors to be logged + * Preserve option is not properly honoured when removing devices at command line + * Infinite recursion is possible during a database failure + * Monitoring Host CPU's does not always work on Windows endpoints + * Multi select drop down list box not rendered correctly in Chrome and Edge + * Selective Plugin Debugging may not always work as intended + * During upgrades, Plugins may be falsely reported as incompatible + * Plugin management at command line does not work with multiple plugins + * Improve PHP 8.1 support for incrementing only numbers + * Allow the renaming of guest and template accounts + * DS Stats issues warnings when the RRDfile has not been initialized + * When upgrading, missing data source profile can cause errors to be logged + * When deleting a single Data Source, purge historical debug data + * Improvements to form element warnings + * Some interface aliases do not appear correctly + * Aggregate graph does not show other percentiles + * Settings table updates for large values reverted by database repair + * When obtaining graph records, error messages may be recorded + * Unable to change a device's community at command line + * Increase timeout for RRDChecker + * When viewing a graph, option to edit template may lead to incorrect URL + * When upgrading, failures may occur due to missing color table keys + * On installation, allow a more appropriate template to be used as the default + * When data input parameters are allowed to be null, allow null + * CSV Exports may not always output data correctly + * When debugging a graph, long CDEF's can cause undesirable scrolling + * Secondary LDAP server not evaluated when the first one has failed + * When adding a device, using the bulk walk option can make version information appear + * When parsing a Data Query resource, an error can be reported if no direction is specified + * Database reconnection can cause errors to be reported incorrectly + * fix returned value if $sau is empty + * Add Aruba switch, Aruba controller and HPE iLO templates + * Add OSCX 6x00 templates + +------------------------------------------------------------------- Old: ---- cacti-1.2.25.tar.gz New: ---- cacti-1.2.26.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.Y4ld0o/_old 2023-12-25 19:06:21.459797464 +0100 +++ /var/tmp/diff_new_pack.Y4ld0o/_new 2023-12-25 19:06:21.459797464 +0100 @@ -28,7 +28,7 @@ %bcond_with systemd %endif Name: cacti -Version: 1.2.25 +Version: 1.2.26 Release: 0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0-or-later ++++++ cacti-1.2.25.tar.gz -> cacti-1.2.26.tar.gz ++++++ /work/SRC/openSUSE:Factory/cacti/cacti-1.2.25.tar.gz /work/SRC/openSUSE:Factory/.cacti.new.28375/cacti-1.2.26.tar.gz differ: char 26, line 1
