Bug#742768: marked as done (cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328)
Your message dated Sat, 05 Jul 2014 17:18:27 + with message-id e1x3tbx-00053t...@franck.debian.org and subject line Bug#742768: fixed in cacti 0.8.7g-1+squeeze4 has caused the Debian Bug report #742768, regarding cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 742768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cacti Severity: grave Tags: security Justification: user security hole Hi, please see http://www.securityfocus.com/archive/1/531588 for details. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: cacti Source-Version: 0.8.7g-1+squeeze4 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 742...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Gevers elb...@debian.org (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 05 Jul 2014 11:27:40 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.7g-1+squeeze4 Distribution: squeeze-lts Urgency: high Maintainer: Sean Finney sean...@debian.org Changed-By: Paul Gevers elb...@debian.org Description: cacti - Frontend to rrdtool for monitoring systems and services Closes: 742768 743565 752573 Changes: cacti (0.8.7g-1+squeeze4) squeeze-lts; urgency=high . * Security upload (Closes: #742768, #743565, #752573) - CVE-2014-2326 Cross-site scripting (XSS) vulnerability - CVE-2014-2327 Cross Site Request Forgery Vulnerability - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability - CVE-2014-2708 SQL injection - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability - CVE-2014-4002 Cross-Site Scripting Vulnerability Checksums-Sha1: 0b1a8db6de23388eb333e3f31910e72f35ab512b 1443 cacti_0.8.7g-1+squeeze4.dsc b88051b333e29b215dacfe07bd1cf684da866c53 59041 cacti_0.8.7g-1+squeeze4.diff.gz 71c19bf1d1ff3d4cbf5d1ef717dbdeaf314bd89b 2098348 cacti_0.8.7g-1+squeeze4_all.deb Checksums-Sha256: 50961c0bcf6766c9f7493f785f7202fe73bfbfb04b576e5388875f56f846358e 1443 cacti_0.8.7g-1+squeeze4.dsc 1498c3a5ef269942c908a0d9bb24a10a29ebd126c7226c223f52e2171f7c7fb0 59041 cacti_0.8.7g-1+squeeze4.diff.gz 73cea4db7448c4ae2d311937c4f76f9fe2452f4933c7df6b1b6088ecb604b66e 2098348 cacti_0.8.7g-1+squeeze4_all.deb Files: 5ef9a7d3c7e9753456a923c040276aa8 1443 web extra cacti_0.8.7g-1+squeeze4.dsc ba7a61ce0ae89d4d19525001d0f98b56 59041 web extra cacti_0.8.7g-1+squeeze4.diff.gz 64be98d1231c4f5ac4a8039a8876cc2a 2098348 web extra cacti_0.8.7g-1+squeeze4_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTuC2fAAoJEJxcmesFvXUKy4YH/1ETU150OPL6OeHY2EqCbz+4 wMk3kK0hNJv3JpmKlZ2dGdFggSigQTY33CtrR177skN3fjYauoIF+8UVL3BsU7Hg /9+yMeJWQSGWL0k0NfKSOYGelbswY8yY/rTdBw5INXqaGn7xHaTb6iJ+1IIDKuGu yxXAMtUpoQn4lJjvkBADPzVl8xE/lyLcNrQFn5owprC28MNGgz1IAGVklhVEj3OB OFWnYRGCNihhDSW8z1JfLnf+FtUZ2utVsGG2b7JJCGuoAAnOkHQOdfmaq6l5Wq+G VxA2Aa6S0ABnsJv0aNBMXKRcrutOPU7ElCzdOjNOcDYMyondy5GxwpRzM24XZT0= =gTIS -END PGP SIGNATUREEnd Message---
Bug#742768: marked as done (cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328)
Your message dated Fri, 04 Jul 2014 07:53:04 + with message-id e1x2yiq-0001to...@franck.debian.org and subject line Bug#742768: fixed in cacti 0.8.8a+dfsg-5+deb7u3 has caused the Debian Bug report #742768, regarding cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 742768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cacti Severity: grave Tags: security Justification: user security hole Hi, please see http://www.securityfocus.com/archive/1/531588 for details. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: cacti Source-Version: 0.8.8a+dfsg-5+deb7u3 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 742...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Gevers elb...@debian.org (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 26 Jun 2014 21:01:50 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.8a+dfsg-5+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Cacti Maintainer pkg-cacti-ma...@lists.alioth.debian.org Changed-By: Paul Gevers elb...@debian.org Description: cacti - web interface for graphing of monitoring systems Closes: 742768 743565 752573 Changes: cacti (0.8.8a+dfsg-5+deb7u3) wheezy-security; urgency=high . * Security upload (Closes: #742768, #743565, #752573) - CVE-2014-2326 Cross-site scripting (XSS) vulnerability - CVE-2014-2327 Cross Site Request Forgery Vulnerability - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability - CVE-2014-2708 SQL injection - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability - CVE-2014-4002 Cross-Site Scripting Vulnerability Checksums-Sha1: 9acdcd6e9e6b16603e2ee400197df3282a1e6b83 1683 cacti_0.8.8a+dfsg-5+deb7u3.dsc 1d3cc0a0c7ce926893644967ee151c4c4bc65466 121095 cacti_0.8.8a+dfsg-5+deb7u3.debian.tar.gz 49ce8a79add38a77e69a23f885df62888c8dcb3e 2147332 cacti_0.8.8a+dfsg-5+deb7u3_all.deb Checksums-Sha256: 329bd24accebeab86ac701788a092b090454d80ec69c9c05d8ba0e2a13a7cb93 1683 cacti_0.8.8a+dfsg-5+deb7u3.dsc c105e1fd8d185a26308343a0c2575fb350aa7555bf61da488a63ff40a3b183d5 121095 cacti_0.8.8a+dfsg-5+deb7u3.debian.tar.gz 8c9606571c58b135d3320ebf1222f924badd5172915dd69966c373467ab573e2 2147332 cacti_0.8.8a+dfsg-5+deb7u3_all.deb Files: 724367875a4e43438b532c33cb59d853 1683 web extra cacti_0.8.8a+dfsg-5+deb7u3.dsc 8237f1100ca61743de8e0e4b2e5f2fab 121095 web extra cacti_0.8.8a+dfsg-5+deb7u3.debian.tar.gz 80c20926bb4e0502b0aae27d767631e0 2147332 web extra cacti_0.8.8a+dfsg-5+deb7u3_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTrV5RAAoJEJxcmesFvXUKMGgH/jYf08AmZzl0hsK7UIengiAi iN1twNHRlyPfL1/YkirbQFHpPHeas49VbEN5geqMbSLHRRyfJ/ftz7w33Oxt20ON GSWHNSAcT9GXjhe8LuAZlxRFnf7No70K0hRJ91yEeHrA/lbtpgInIcwot9yyKZDk xmxNf+uPk0ultoTC6JxoSVaDwyj/GxCH9Dzy86sq3DSByhEk+4NYAs6WsXfFIMuj aQqf1rUwIlHWA3+Hfr0qfRozEKKJFcoZaqZkFjbBQ9ueDUV03qmWeog1n7ujkCkf D7Kerx+u7XPcuOgFKCs1DPHIWkAjHLA+Y03yJTPtE/5p2G6ENI85UCoTlLXu5KU= =TD4G -END PGP SIGNATUREEnd Message---
Bug#742768: marked as done (cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328)
Your message dated Wed, 25 Jun 2014 21:34:24 + with message-id e1wzupk-0005cr...@franck.debian.org and subject line Bug#742768: fixed in cacti 0.8.8b+dfsg-6 has caused the Debian Bug report #742768, regarding cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 742768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cacti Severity: grave Tags: security Justification: user security hole Hi, please see http://www.securityfocus.com/archive/1/531588 for details. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: cacti Source-Version: 0.8.8b+dfsg-6 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 742...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Gevers elb...@debian.org (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 25 Jun 2014 22:33:53 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.8b+dfsg-6 Distribution: unstable Urgency: high Maintainer: Cacti Maintainer pkg-cacti-ma...@lists.alioth.debian.org Changed-By: Paul Gevers elb...@debian.org Description: cacti - web interface for graphing of monitoring systems Closes: 742768 744067 752573 Changes: cacti (0.8.8b+dfsg-6) unstable; urgency=high . * Add alternative php5-mysql | php5-mysqlnd (Closes: #744067) * Security update (Closes: #742768, #752573) - CVE-2014-2327 Cross Site Request Forgery Vulnerability - CVE-2014-4002 Cross-Site Scripting Vulnerability Checksums-Sha1: cb0087d5f3770dea819440882c268c754ae0f0e3 1655 cacti_0.8.8b+dfsg-6.dsc 5a34a582d9c8677518a33234a4ad1ac8024ee61a 103284 cacti_0.8.8b+dfsg-6.debian.tar.xz 7b62b650d11502daed7091fbd7985634bfd59f54 1892594 cacti_0.8.8b+dfsg-6_all.deb Checksums-Sha256: f72c1022c8497784322e9bb3db94bff0f72ddbe2f38acfbc9f894236741a86d4 1655 cacti_0.8.8b+dfsg-6.dsc 18433ea70e341eff55c005ff1796018f546fa53ed1159e2cd69ec1c9a96168ec 103284 cacti_0.8.8b+dfsg-6.debian.tar.xz ab5ab0a70f308814acb5f2fdb3b32e398e47567e005065d9fd3d60748470a7aa 1892594 cacti_0.8.8b+dfsg-6_all.deb Files: 0aa31425f144e81ad972e6ec0aff7d9f 1892594 web extra cacti_0.8.8b+dfsg-6_all.deb 6de034dfcb0d7ecf5e6978bf61d9b45c 1655 web extra cacti_0.8.8b+dfsg-6.dsc c06386ec36c90e07234da262dc2136e4 103284 web extra cacti_0.8.8b+dfsg-6.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTqzRsAAoJEJxcmesFvXUKseAIAKKzrFxl91WYCof/mF8pxeD9 OjOumQOUH/BSNDfsgou3Vk/hVsiMOZroSaEuTYDznfJPa1ajkFENHL5AySAD44xK sdlHBlpDkp/KexgKBBV+2zxdokjk7BZrfVtJowEkfbVhTOErK+KnUhXmj3sK4tvi sCQQQS4QNL8iRHVnMKuOQge3YKLiM9uWyA/fjS3LRqNCdNasvknWk2r+9xLBx4uK wdmeYubm3oCjc+zWmq9RrhYIYTw0RKyXzk3EqPJHcsGeqsnIk6uYtYch014SRune 3XJWYF3Zj6cShJtFkwyEz/GxesSBs7E5ec/BduJKPzJqb8q24MzYsOtD7jH1AR0= =2G1F -END PGP SIGNATUREEnd Message---