Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2020-07-15 15:06:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti" Wed Jul 15 15:06:18 2020 rev:33 rq:820849 version:1.2.13 Changes: -------- --- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2020-05-28 09:21:54.457497536 +0200 +++ /work/SRC/openSUSE:Factory/.cacti.new.3060/cacti.changes 2020-07-15 15:07:00.727526600 +0200 @@ -1,0 +2,12 @@ +Tue Jul 14 09:14:56 UTC 2020 - Andreas Stieger <[email protected]> + +- cacti 1.2.13: + * Query XSS vulnerabilities require vendor package update + (CVE-2020-11022 / CVE-2020-11023) + * Lack of escaping on some pages can lead to XSS exposure + * Update PHPMailer to 6.1.6 (CVE-2020-13625) + * SQL Injection vulnerability due to input validation failure when + editing colors (CVE-2020-14295, boo#1173090) + * Lack of escaping on template import can lead to XSS exposure + +------------------------------------------------------------------- Old: ---- cacti-1.2.12.tar.gz New: ---- cacti-1.2.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.KQs72A/_old 2020-07-15 15:07:03.335529144 +0200 +++ /var/tmp/diff_new_pack.KQs72A/_new 2020-07-15 15:07:03.339529148 +0200 @@ -29,7 +29,7 @@ %endif Name: cacti -Version: 1.2.12 +Version: 1.2.13 Release: 0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0-or-later ++++++ cacti-1.2.12.tar.gz -> cacti-1.2.13.tar.gz ++++++ /work/SRC/openSUSE:Factory/cacti/cacti-1.2.12.tar.gz /work/SRC/openSUSE:Factory/.cacti.new.3060/cacti-1.2.13.tar.gz differ: char 5, line 1
