Cacti Settings Patch

Cacti (1.2.0beta2+ds1-1) experimental; urgency=medium. New upstream release 1.2.0-beta1. CVE-2009-4112: remote authenticated administrators can gainprivileges; circumvented via optional whitelisting (Closes: #561339). Refresh patches. Drop most ofenable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch.

Bump Standards to 4.2.1. Bump debhelper compat level. tests Add mysql-server test back but withskip-not-installable. Debian has mariadb-server asdefault-mysql-server so we definitely want to test that.

Ubuntu hasmysql-server, so we also want to test that, but that isn't intesting. (Closes: #903238).

Drop recursive chown from postins (thanks lintian). Add perl-path.patch to make sh-bang in perl scripts compliant withpolicy (thanks lintian). Add font-awesome-path.patch as the path to the css is slightlydifferent in the system version. Add fix-update-for-beta-versions.patch to ensure updating works. Adapt documentation building as upstream reworked it completely- Paul Gevers Sun, 28 Oct 2018 16:00:51 +0100. Cacti (1.1.37+ds1-1) unstable; urgency=medium.

New upstream release 1.1.37. CVE-2018-10059: (XSS) the getcurrentpage function inlib/functions.php relies on $SERVER'PHPSELF' instead of$SERVER'SCRIPTNAME' to determine a page name. CVE-2018-10060: (XSS) does not properly reject unintended characters,related to use of the sanitizeuri function in lib/functions.php. CVE-2018-10061: (XSS) makes certain htmlspecialchars calls without theENTQUOTES flag- Paul Gevers Thu, 12 Apr 2018 17:43:13 +0200. Cacti (1.1.3+ds1-1) experimental; urgency=medium.

Cacti Settings Patch For Mac

New upstream release- Drop loads of obsoleted patches- Refresh or rework remaining patches. Strip loads of embedded javascript projects and build and/or depend onthe proper Debian package. Drop dependency on libadodb as upstream moved away from it. Prepare to buid documentation.

Add patches to move adaptations in the embedded jquery-ui css file tothe cacti main.css file as upstream intents to support that. Update d/TODO as not everything is done as I want it- Paul Gevers Mon, 17 Apr 2017 19:50:52 +0200. Cacti (0.8.8h+ds1-1) unstable; urgency=medium.

Cacti Settings Patch For Windows 7

New upstream release- CVE-2016-3659 SQL Injection Vulnerability in graphview.php (Closes:#820521). Drop obsolete patches (applied upstream).

Update tests to depend on javascript-common. Don't test lighttpd for now. Drop jquery.js from the source (wasn't used anyways in Debian), so noneed to document it in d/copyright. Add makecactisqlmode-strictcompatible.patch to enable cacti towork with the default settings of MySQL 5.7 (LP: )- Paul Gevers Sat, 14 May 2016 22:26:35 +0200. Cacti (0.8.8f+ds1-4) unstable; urgency=medium. CVE-2015-8377: Fix SQL Injection vulnerability in graphsnew.php.

CVE-2015-8604: Fix SQL Injection vulnerability in graphsnew.php. Depend on dbconfig-mysql or dbconfig-no-thanks instead ofdbconfig-common and mysql-client. Bump compat level to 9. Drop useless CFLAGS declaration in d/rules. Drop cacti.sqldroptablestobegin.patch as dbconfig-common now doesthat. Add dependency on libjs-jquery now that version is high enough andupdate usedebianjavascriptpackages.patch to use it.- Paul Gevers Sat, 09 Jan 2016 13:16:04 +0100.