This bug was fixed in the package cacti -
0.8.8b+dfsg-8+deb8u1build0.14.10.1

---------------
cacti (0.8.8b+dfsg-8+deb8u1build0.14.10.1) utopic-security; urgency=medium

  * fake sync from Debian (LP: #1210822)

cacti (0.8.8b+dfsg-8+deb8u1) jessie-security; urgency=high

  * Security update
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540

 -- Steve Beattie <[email protected]>  Tue, 30 Jun 2015 10:23:46 -0700

** Changed in: cacti (Ubuntu Utopic)
       Status: In Progress => Fix Released

** Changed in: cacti (Ubuntu Vivid)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1210822

Title:
  Please backport cacti security fixes
