Accepted cacti 0.8.7g-1+squeeze2 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 10 Aug 2013 07:30:37 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Sean Finney <seanius@debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Changes:
cacti (0.8.7g-1+squeeze2) squeeze-security; urgency=high
.
* Security upload
* Add patches to fix SQL or command line injection via snmp settings or
graph creation or edition that allows privileged users to execute
arbitrary SQL commands or command line commands.
- CVE-2013-1434
cacti_snmp_sql_injection_CVE-2013-1434.patch
- CVE-2013-1435
cacti_snmp_escape_string_CVE-2013-1435.patch
fix_quoting_in_rrd_command_CVE-2013-1435.patch
* CVE-2013-1435 fix causes a regression in the handling of empty COMMENT
lines in the rrd legend. Fixed by upstream:
fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch
Checksums-Sha1:
8edad45073902ea7adb5b0a4e90f9beb6f76546f 1443 cacti_0.8.7g-1+squeeze2.dsc
49ad39d95dc5052aee16b820e392ffe38d12ba92 46165 cacti_0.8.7g-1+squeeze2.diff.gz
aa5000d7f009dfc06bda461549d7eeed6bac742e 2090886 cacti_0.8.7g-1+squeeze2_all.deb
Checksums-Sha256:
6fa6fc9ee6af70ba7c5f4451ffdc5ab5c2c7f6bd8dc12aa6d6aa2fbe9f431c05 1443 cacti_0.8.7g-1+squeeze2.dsc
aceaf869c7e0e979979b310e403083290c787b2afa98f7e43006da3edc0140b4 46165 cacti_0.8.7g-1+squeeze2.diff.gz
ca3f62f025fd4dc5843b30b2b23f3535f2bddf8bb58119fe5cd29ab8e87c8951 2090886 cacti_0.8.7g-1+squeeze2_all.deb
Files:
cf87ec025c898e083bc5c2258ca771a4 1443 web extra cacti_0.8.7g-1+squeeze2.dsc
66796b45b79f2886d3173f4528e2e795 46165 web extra cacti_0.8.7g-1+squeeze2.diff.gz
7a1b66221468ab30551ed4c2a30f4f59 2090886 web extra cacti_0.8.7g-1+squeeze2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJSCTRYAAoJEJxcmesFvXUKQ0UIALvu1UIPuaAVcWLSo31wjVSG
aYtlknEPEloAo77DNh+dT9kImWVmHr7vOsocOTPJ9wbz/dlCfosvz3DNpqPmRgeh
Rl9YLnut+YfwE0a6NAID7obzqEsCapRsXKykmcbruPwVZqv8tz9oDj8FZQhD77pT
O2tXWdvQYPCpAGYvGLq4oIoCE88WF2wc8ZeOtViu7pbYP57DUhYr6LCj36IsiTeV
ClQ7sAnL1zYZOD4nSkXLbq05nRF0WiTFaqpGo7/x2K45EWHB4YDVUOhAnn8DZwIp
BHORRwV4NRmeaz1BKHb2lgMWbVqXfBgFsvH2Brz0jNBOlXGaLuJSctyU0FZe1xA=
=7tTp
-----END PGP SIGNATURE-----