[Pkg-cacti-maint] cacti_1.1.27+ds1-3~bpo9+1_source.changes ACCEPTED into stretch-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Nov 20 19:48:55 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 20 Nov 2017 20:34:23 +0100
Source: cacti
Binary: cacti
Architecture: source
Version: 1.1.27+ds1-3~bpo9+1
Distribution: stretch-backports
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint at lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus at debian.org>
Description:
cacti - web interface for graphing of monitoring systems
Closes: 881110
Changes:
cacti (1.1.27+ds1-3~bpo9+1) stretch-backports; urgency=medium
.
  * Rebuild for stretch-backports.
.
cacti (1.1.27+ds1-3) unstable; urgency=medium
.
  * CVE-2017-16641: remote authenticated administrators can execute
    arbitrary os commands via the path_rrdtool parameter in an action=save
    request to settings.php (Closes: #881110)
  * CVE-2017-16660: remote authenticated administrators can conduct Remote
    Code Execution attacks by placing the Log Path under the web root, and
    then making a remote_agent.php request containing PHP code in a
    Client-ip header
  * CVE-2017-16661: remote authenticated administrators can read arbitrary
    files accessible by the web-server user by placing the Log Path into a
    private directory, and then making a clog.php?filename= request
  * CVE-2017-16785: reflected XSS via the PATH_INFO to host.php
    (reintroduction of CVE-2017-15194)
  * Bump standards to 4.1.1
  * Set Priority to optional
.
cacti (1.1.27+ds1-2) unstable; urgency=medium
.
  * Add upstream commit b44eb52 as 0001-Another-crack-at-issue-1039.patch
    because they likely reintroduced part of CVE-2017-15194. Thanks to
    autopkgtest
.
cacti (1.1.27+ds1-1) unstable; urgency=medium
.
  * New upstream version 1.1.27
    - Drop CVE-2017-15194.patch again
  * [tests] Add new note to list of exceptions to fix failure
Checksums-Sha1:
2d6f88e72ce4c9f739447df09b520aa6ca520bfa 2162 cacti_1.1.27+ds1-3~bpo9+1.dsc
6eea15fcbafd6a8e6df1b3d8c9623be911c0fe1c 56124 cacti_1.1.27+ds1-3~bpo9+1.debian.tar.xz
Checksums-Sha256:
5ccbc8b2346cd4b5d352cf56122df6c25ac801f62c60be147f1de8d95b5beaac 2162 cacti_1.1.27+ds1-3~bpo9+1.dsc
9b8b59dfe505c4b251a90762d4a4594411ff618feb8d8ef310d26ae5e99e50f8 56124 cacti_1.1.27+ds1-3~bpo9+1.debian.tar.xz
Files:
44e9ae2f3d7645b00e96b62113d76c62 2162 web optional cacti_1.1.27+ds1-3~bpo9+1.dsc
90d57ca02865f10b5469db7432e63c7a 56124 web optional cacti_1.1.27+ds1-3~bpo9+1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.