Your message dated Sun, 17 Apr 2016 18:34:27 +0000
with message-id <[email protected]>
and subject line Bug#818647: fixed in cacti 0.8.8g+ds1-2
has caused the Debian Bug report #818647,
regarding cacti: CVE-2016-3172
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
818647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818647
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cacti
Version: 0.8.8g+ds1-1
Severity: important
Tags: security upstream patch
Forwarded: http://bugs.cacti.net/view.php?id=2667
Hi,
filling this as well in the BTS to have the cross reference.
CVE-2016-3172[0]:
SQL Injection Vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-3172
[1] http://bugs.cacti.net/view.php?id=2667
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.8g+ds1-2
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Apr 2016 19:55:43 +0200
Source: cacti
Binary: cacti
Architecture: source
Version: 0.8.8g+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Description:
cacti - web interface for graphing of monitoring systems
Closes: 783446 783447 815987 816962 818647
Changes:
cacti (0.8.8g+ds1-2) unstable; urgency=medium
.
[ Paul Gevers ]
* Next upstream version, strip include/js/jquery.js from source
* Make sure the web-interface doesn't ask unnecessary questions after
install (Closes: #783447)
* Use the MySQL connection password as initial password for the admin
user (Closes: #783446) and mention this in the NEWS.Debian file
* Improve fix for CVE-2016-2313 such that it doesn't cause a regression
for setups that rely on http authentication of users unknown to cacti.
- Add improve_fix_for_CVE-2016-2313.patch
* Full update of README.Debian
* CVE-2016-3172
- Add CVE-2016-3172_sql-injection-in-tree.php.patch (Closes: #818647)
* Update Brazilian Portuguese, thanks to Diego Neves (Closes: #816962)
* Drop old code in postinst to (re)move old configuration files this is
already fixed in jessie
* Bump version for libphp-adodb as mysqli doesn't work otherwise
* Add new php-xml & php-mbstring to Depends for php7.0
* Add add_rrdtool-1.5_to_utilities.php.patch to prevent error in
utilities.php with rrdtool version 1.5
* Remove Mahyuddin from uploaders (thanks for the fish)
.
[ Nishanth Aravamudan ]
* Update to PHP7.0 dependencies (LP: #1544352)
* Default to mysqli driver for database connection, as the mysql driver
has been removed in PHP7.0 (LP: #1544352) (Closes: #815987)
Checksums-Sha1:
6886b225b9df2e688c0b177d0a89c5baf3c7ae73 1571 cacti_0.8.8g+ds1-2.dsc
8c1b1c46caa858521cca1e9f676aad7b5ef500cb 47472 cacti_0.8.8g+ds1-2.debian.tar.xz
Checksums-Sha256:
ea004d0269efdf957984ae13c1bf4040dd6e0416f4b66629fdbf261deddf3c39 1571
cacti_0.8.8g+ds1-2.dsc
20cd1269b804126cb83f3be15d77e4baea8e29df0751f0addb01ef5c6a2e9f0a 47472
cacti_0.8.8g+ds1-2.debian.tar.xz
Files:
9b7bbe22e077f97f3ba6091f551aa2ab 1571 web extra cacti_0.8.8g+ds1-2.dsc
5e8b3d0cbd7a75a39fad62514fdb8824 47472 web extra
cacti_0.8.8g+ds1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJXE9JVAAoJEJxcmesFvXUKhYcH/2LfnBlPFP08/mqHCO0Y6j9q
XBlsDaiTolT7WuxW2xXyimKZU0GOcoHoAcNeQvHVz2QQRe/gqN3+EgGr3fJPs+Gy
mQ9eh6t4maWnnWnM2EoPWq0TRkQSYxmI0oqF0tQ0wlJCu6sAY8hPOQfRM+FkWrhd
ujhLGjMrhcSAbqVthVrR9AMZ+u/cn5h8X0ag4o7WM/9Kw/B8mfFUdFdNn+6vAIgV
8f4S+L5Y3vR9Q/tJc8TPz7ef7Eby2189eVGH5/mRXWJxPqHLeK+i2zx24Y9m3BnQ
v5aoKR4np3bMP1uz+W04vvqIkPE9xmX+8WCw0ouZOOzNfx2kXO+qprkHDQoqN3w=
=NqBV
-----END PGP SIGNATURE-----
--- End Message ---
