Accepted:
OK: cacti_0.8.6h.orig.tar.gz
OK: cacti_0.8.6h-1ubuntu3.2.diff.gz
OK: cacti_0.8.6h-1ubuntu3.2.dsc
-> Component: universe Section: web
OK: cacti_0.8.6h-1ubuntu3.2_all.deb
OK: cacti_0.8.6h-1ubuntu3.2_i386_translations.tar.gz
Format: 1.7
Date: Fri, 15 Feb 2008 21:30:58 +0100
Source: cacti
Binary: cacti
Architecture: i386_translations all source
Version: 0.8.6h-1ubuntu3.2
Distribution: dapper-security
Urgency: low
Maintainer: sean finney <[EMAIL PROTECTED]>
Changed-By: Stephan Hermann <[EMAIL PROTECTED]>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Changes:
cacti (0.8.6h-1ubuntu3.2) dapper-security; urgency=low
.
* SECURITY UPDATE: (LP: #192199)
+ CVE-2008-0783: Multiple cross-site scripting (XSS) vulnerabilities in
Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to
inject arbitrary web script or HTML via the (1) view_type parameter to
graph.php, (2) filter parameter to graph_view.php, and (3) action and
login_username parameters to index.php/login.
+ CVE-2008-0784: graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before
0.8.6k allows remote attackers to obtain the full path via an invalid
local_graph_id parameter and other unspecified vectors.
* debian/patches/10_CVE-2008-0783_CVE-2008-0784.dpatch: applied patch by
upstream. Backported from 0.8.6j
(Link: http://www.cacti.net/downloads/patches/0.8.6j/multiple_vulnerabilities-0.8.6j.patch)
* References:
CVE-2008-0783
CVE-2008-0784
Files:
726f943db5dfa8dfab7129cf4e155df4 922642 web extra cacti_0.8.6h-1ubuntu3.2_all.deb
d4ef420a8756e24943a40d082b81dc2f 13018 raw-translations - cacti_0.8.6h-1ubuntu3.2_i386_translations.tar.gz
5a5dbedda735059ddcd3b22737503636 601 web extra cacti_0.8.6h-1ubuntu3.2.dsc
f2e1c7a5737d58eb748368be6489364f 35245 web extra cacti_0.8.6h-1ubuntu3.2.diff.gz
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes