[Pkg-cacti-maint] cacti_1.2.24+ds1-1+deb12u3_source.changes ACCEPTED into proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Aug 23 11:17:08 BST 2024


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Aug 2024 17:28:54 +0000
Source: cacti
Architecture: source
Version: 1.2.24+ds1-1+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Cacti Maintainer <pkg-cacti-maint at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Changes:
 cacti (1.2.24+ds1-1+deb12u3) bookworm; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2024-25641: RCE vulnerability when importing packages
     An arbitrary file write vulnerability, exploitable through the
     "Package Import" feature, allows authenticated users having
     the "Import Templates" permission to execute arbitrary PHP
     code on the web server (RCE).
   * Fix CVE-2024-29894: XSS vulnerability when using JavaScript
     based messaging API.
     raise_message_javascript from lib/functions.php now uses purify.js
     to fix CVE-2023-50250 (among others).
     However it still generates the code out of unescaped
     PHP variables $title and $header.
     If those variables contain single quotes, they can be used
     to inject JavaScript code.
   * Fix CVE-2024-31443: XSS vulnerability when managing data queries
     Some of the data stored in form_save() function in data_queries.php
     is not thoroughly checked and is used to concatenate the
     HTML statement in grow_right_pane_tree() function from lib/html.php,
     finally resulting in XSS.
   * Fix CVE-2024-31444: XSS vulnerability when reading tree rules with
     Automation API.
     Some of the data stored in automation_tree_rules_form_save() function
     in automation_tree_rules.php is not thoroughly checked and is used
     to concatenate the HTML statement in form_confirm() function from
     lib/html.php, finally resulting in XSS.
   * Fix CVE-2024-31445: SQL injection vulnerability
     A SQL injection vulnerability in `automation_get_new_graphs_sql`
     function of `api_automation.php` allows authenticated users to exploit
     these SQL injection vulnerabilities to perform privilege escalation
     and remote code execution. In `api_automation.php` line 856, the
     `get_request_var('filter')` is being concatenated into the SQL
     statement without any sanitization. In `api_automation.php` line 717,
     the filter of `'filter'` is `FILTER_DEFAULT`, which means there is no
     filter for it.
   * Fix CVE-2024-31458: SQL injection vulnerability
     Some of the data stored in `form_save()` function in
     `graph_template_inputs.php` is not thoroughly checked and is used to
     concatenate the SQL statement in
     `draw_nontemplated_fields_graph_item()` function from
     `lib/html_form_templates.php`, finally resulting in SQL injection.
   * Fix CVE-2024-31459: Remote code execution
     There is a file inclusion issue in the lib/plugin.php file.
     Combined with SQL injection vulnerabilities, RCE can be implemented.
   * Fix CVE-2024-31460: SQL code injection
     Some of the data stored in `automation_tree_rules.php` is not
     thoroughly checked and is used to concatenate the SQL statement in
     `create_all_header_nodes()` function from `lib/api_automation.php`,
     finally resulting in SQL injection. Using SQL based secondary
     injection technology, attackers can modify the contents of the Cacti
     database, and based on the modified content, it may be possible to
     achieve further impact, such as arbitrary file reading, and even
     remote code execution through arbitrary file writing.
   * Fix CVE-2024-34340: type juggling vulnerability
     Cacti calls `compat_password_hash` when users set their
     password. `compat_password_hash` uses `password_hash` if it is
     available, else uses `md5`. When verifying the password, it calls
     `compat_password_verify`. In `compat_password_verify`,
     `password_verify` is called if it is available, else `md5` is
     used. `password_verify` and `password_hash` are supported on PHP <
     5.5.0, following the PHP manual. The vulnerability is in
     `compat_password_verify`. The md5-hashed user input is compared with
     the correct password in the database by `$md5 == $hash`. It is a loose
     comparison, not `===`.
Checksums-Sha1:
 069a8fa94557406489587cea4efe462a6f7b05f3 2525 cacti_1.2.24+ds1-1+deb12u3.dsc
 dddbad3784e15fb61ceb9f0c649e45711d6bf7e3 24226965 cacti_1.2.24+ds1.orig-docs-source.tar.gz
 6f258f06289889566b7d6a255b904aae9756d97d 10026982 cacti_1.2.24+ds1.orig.tar.gz
 52f31542ea3dcd638ea141e2ea05ed39f6686171 76688 cacti_1.2.24+ds1-1+deb12u3.debian.tar.xz
 6eb6844f6669b8e20bc8887685348c9ef1f9f79b 6555 cacti_1.2.24+ds1-1+deb12u3_amd64.buildinfo
Checksums-Sha256:
 89daf59fce73dd7a1165bdd6d87ebcd4dfb561934b55d67507aba92f00b7a115 2525 cacti_1.2.24+ds1-1+deb12u3.dsc
 180acdab0fbbbae452bb6f46ad9d406cedcb540967410f71aa69be4a281bb74c 24226965 cacti_1.2.24+ds1.orig-docs-source.tar.gz
 4247d8120b0661a2019a0d39f35c6e84cfd4e4161e0791ff233c3e3bd2d571da 10026982 cacti_1.2.24+ds1.orig.tar.gz
 bbea5ad64533693b50d066c9521b82e446865306f567d71b1653148b392a8405 76688 cacti_1.2.24+ds1-1+deb12u3.debian.tar.xz
 6dadceca4c276bae10a18d2b3268dfb8d516ff8d1bcc0e302f12f7959c45aa1a 6555 cacti_1.2.24+ds1-1+deb12u3_amd64.buildinfo
Files:
 3130c771af7bcd1cf13dca5cc2314db5 2525 web optional cacti_1.2.24+ds1-1+deb12u3.dsc
 a05d1c5f50554a86fd0eb11f070594a7 24226965 web optional cacti_1.2.24+ds1.orig-docs-source.tar.gz
 69cdb0ae5b490a8328e99ad2f161aca6 10026982 web optional cacti_1.2.24+ds1.orig.tar.gz
 b3e2a13e9386b6b1e663afe53875107a 76688 web optional cacti_1.2.24+ds1-1+deb12u3.debian.tar.xz
 822c1af23792157b5c29caa6c8ddd444 6555 web optional cacti_1.2.24+ds1-1+deb12u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
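The loose-comparison flaw behind the CVE-2024-34340 entry above is easiest to see with PHP's handling of numeric-looking strings. The following is an added example, not Cacti's `compat_password_verify` or any other code from the package: `verify_loose` mirrors the `$md5 == $hash` pattern the changelog describes, `verify_strict` is the constant-time alternative, and the two inputs are well-known "magic hash" preimages whose MD5 digests are `0e` followed only by digits, which PHP's `==` treats as the number zero.

```php
<?php
// Added illustration of MD5 type juggling; function names are hypothetical.

// Loose comparison, modelled on the "$md5 == $hash" pattern described in the
// changelog. Two strings that both look like "0e<digits>" are compared as
// numbers (0 * 10^n == 0 * 10^m), so unrelated digests compare equal.
function verify_loose(string $input, string $stored_hash): bool
{
    $md5 = md5($input);
    return $md5 == $stored_hash;
}

// Hardened: a strict, constant-time, byte-for-byte comparison of the digests.
// hash_equals() never coerces its arguments, so "0e..." strings stay strings.
function verify_strict(string $input, string $stored_hash): bool
{
    return hash_equals($stored_hash, md5($input));
}

// Constructed test data: the stored hash is md5('QNKCDZO') =
// "0e830400451993494058024219903391"; the attacker never learns the real
// password and instead submits '240610708', whose md5 is
// "0e462097431906509019562988736854".
$stored   = md5('QNKCDZO');
$attacker = '240610708';

var_dump(md5($attacker) == $stored);          // bool(true)  -> juggled to 0 == 0
var_dump(verify_loose($attacker, $stored));   // bool(true)  -> attacker logged in
var_dump(verify_strict($attacker, $stored));  // bool(false) -> rejected
var_dump(verify_strict('QNKCDZO', $stored));  // bool(true)  -> real password still works
```

The same behaviour holds on PHP 8: the change to string/number comparison there only affects a number compared against a non-numeric string, and two numeric strings are still compared numerically. Any password check that falls back to a hex digest should therefore use `hash_equals()` (or `password_verify()` on a `password_hash()` output), never `==`.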

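The CVE-2024-31445 entry describes a request variable that passes through `FILTER_DEFAULT` and is then concatenated into a query. The block below is an added example, not code from `api_automation.php`: the table, column names, the `$request` array standing in for `get_request_var()`, and both function names are made up for the demo, and it uses an in-memory SQLite database through PDO so it runs offline. It shows the unvalidated concatenation next to a version that validates the value against an allow-list pattern and binds it as a parameter.

```php
<?php
// Added illustration of the FILTER_DEFAULT + string concatenation pattern;
// schema, data and function names are constructed for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE host (id INTEGER, description TEXT, hostname TEXT)');
$db->exec("INSERT INTO host VALUES (1, 'router', '10.0.0.1'), (2, 'switch', '10.0.0.2')");

// Vulnerable: FILTER_DEFAULT performs no validation at all, so the raw value
// (quotes, comment markers and all) becomes part of the query text.
function graphs_sql_loose(PDO $db, array $request): array
{
    $filter = filter_var($request['filter'] ?? '', FILTER_DEFAULT);
    $sql = "SELECT id, description FROM host WHERE description LIKE '%" . $filter . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject anything outside an explicit character allow-list, then
// hand the value to the driver as a bound parameter rather than query text.
function graphs_sql_safe(PDO $db, array $request): array
{
    $filter = filter_var(
        $request['filter'] ?? '',
        FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[\w .-]{0,64}$/']]
    );
    if ($filter === false) {
        throw new InvalidArgumentException('invalid filter value');
    }
    $stmt = $db->prepare('SELECT id, description FROM host WHERE description LIKE :pat');
    $stmt->execute([':pat' => '%' . $filter . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a normal search and a UNION-based injection that pulls
// the hostname column into the result set.
$benign = ['filter' => 'router'];
$attack = ['filter' => "x%' UNION SELECT 0, hostname FROM host -- "];

print_r(graphs_sql_loose($db, $benign));   // one row: router
print_r(graphs_sql_loose($db, $attack));   // both hostnames leaked via UNION
print_r(graphs_sql_safe($db, $benign));    // one row: router
try {
    graphs_sql_safe($db, $attack);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";           // rejected before any SQL runs
}
```

The allow-list is the part that needs thought per call site: a `LIKE` filter for host descriptions can be tightly constrained, whereas a field that legitimately carries arbitrary text should skip the regex and rely on the bound parameter alone. The concatenation is what must go in every case.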