This bug was fixed in the package cacti - 1.2.9+ds1-1ubuntu1
---------------
cacti (1.2.9+ds1-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable (LP: #1863739). Remaining changes:
    - General installing instructions update for NO_AUTO_CREATE_USER.
    - Use new dbconfig "dbc_authplugin" variable to mitigate MySQL 8 issues.
  * Dropped changes [upstream]:
    - MySQL 8 change needs: NO_AUTO_CREATE_USER and grouping keyword.
  * Dropped changes [debian]:
    - Replace php-php-gettext dependency in order to fix translations
      (LP #1844070)

cacti (1.2.9+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.9+ds1
    CVE-2020-7106 Remote Code Execution (by privileged users) via shell
    metacharacters in the Performance Boost Debug Log field of
    poller_automation.php. (Closes: #949996)
    CVE-2020-7237 Stored XSS in data_sources.php,
    color_templates_item.php, graphs.php, graph_items.php,
    lib/api_automation.php, user_admin.php, and user_group_admin.php, as
    demonstrated by the description parameter in data_sources.php
    (Closes: #949997)

cacti (1.2.8+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.8+ds1
    CVE-2019-17357 When viewing graphs, some input variables are not
    properly checked (SQL injection possible) (Closes: #947374)
    CVE-2019-17358 When deserializing data, ensure basic sanitization
    has been performed (Closes: #947375)

cacti (1.2.7+ds1-1) unstable; urgency=medium

  * New upstream version 1.2.7+ds1
    CVE-2019-16723 Security issue allows to view all graphs
    (Closes: #941036)
  * Refresh and drop patches to match upstream

cacti (1.2.6+ds1-3) unstable; urgency=medium

  * Add 0001-Resolving-Issue-2984.patch to fix CI error

cacti (1.2.6+ds1-2) unstable; urgency=medium

  [ Paul Gevers ]
  * Fix autopkgtest regression with 0001-Resolving-Issue-2899.patch from
    upstream
  * Apache skipped the php section in apache.conf since PHP 7
    (Closes: #934898)
  * Translations were broken since 1.2.4+ds1-1. Import upstream solution
    enabling the use of php-phpmyadmin-motranslator.

  [ Rafael David Tinoco ]
  * Prepare sql commands for MySQL 8 (See: #933683)

 -- Rafael David Tinoco <[email protected]>  Tue, 18 Feb 2020 13:28:26 +0000

** Changed in: cacti (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16723
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17357
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17358
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7106
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7237
--
https://bugs.launchpad.net/bugs/1863739
Title:
[focal] cacti needs a merge from 1.2.4+ds1-2ubuntu3 to 1.2.9+ds1-1