hi guys, as I alerted you on IRC, this update renders cacti unusable. see: #479618 and #479621.
it's pretty clear that the upload was done without any testing, and
furthermore without first submitting a bug on the cacti package. tsk tsk :)
sean
On Monday 05 May 2008 05:58:54 pm Thijs Kinkhorst wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1569-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Thijs Kinkhorst
> May 05, 2008 http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package : cacti
> Vulnerability : insufficient input sanitising
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-0783 CVE-2008-0785
>
> It was discovered that Cacti, a systems and services monitoring frontend,
> performed insufficient input sanitising, leading to cross site scripting
> and SQL injection being possible.
>
> For the stable distribution (etch), this problem has been fixed in
> version 0.8.6i-3.3.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.8.7b-1.
>
> We recommend that you upgrade your cacti package.
>
> Upgrade instructions
> --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> -------------------------------
>
> Source archives:
>
>
> http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
> Size/MD5 checksum: 1122700 341b5828d95db91f81f5fbba65411d63
> http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.3.diff.gz
> Size/MD5 checksum: 36683 4b795036336167be4bf6cd2ef2987114
> http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.3.dsc
> Size/MD5 checksum: 873 74f26b805c7cf676f573000b50230179
>
> Architecture independent packages:
>
>
> http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.3_all.deb
> Size/MD5 checksum: 959394 a9d1a594ff7d2386b28296a2c8909cd5
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [EMAIL PROTECTED]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

