Changelog for cacti-0.8.8f-12.1.noarch.rpm:
Mon May 9 14:00:00 2016 liedkeAATTrz.uni-mannheim.de
- Fix the following vulnerabilities:
* CVE-2016-3659: SQL injection in lib/functions.php (CVE-2016-3659)
(boo#974013)
* CVE-2016-3172: SQL injection in tree.php (CVE-2016-3172)
(boo#971357)
Tue Feb 9 13:00:00 2016 astiegerAATTsuse.com
- Fix the following vulnerabilities:
* CVE-2015-8369: SQL injection in graph.php (boo#958863)
* CVE-2015-8604: SQL injection in graphs_new.php (boo#960678)
* CVE-2015-8377: SQL injection vulnerability in the
host_new_graphs_save function in graphs_new.php
(boo#958977)
* CVE-2016-2313: Authentication using web authentication as a user
not in the cacti database allows complete access
(boo#965930)
- adding CVE-2015-8369.patch, CVE-2015-8604-CVE-2015-8377.patch,
CVE-2016-2313.patch
Sun Jul 26 14:00:00 2015 astiegerAATTsuse.com
- cacti 0.8.8f:
* 0.8.8e Poller Script Parser is Broken
* cli/upgrade_database.php is missing releases
* Graph management graphs.php save button does not work
* Poller Script Parser is Broken
Mon Jul 20 14:00:00 2015 joop.boonenAATTopensuse.org
- Fixed the spec file so the package also builds for el7, Fedora 20 > etc.
Sat Jul 18 14:00:00 2015 astiegerAATTsuse.com
- Update to 0.8.8e:
This update contains important security fixes: [boo#937997]
- Multiple XSS and SQL injection vulnerabilities
- CVE-2015-4634 - SQL injection in graphs.php
Further fixes:
- Fixed issue with graph zooming failing to work
- Impossible to have a URL pointing directly to a graph
- Cannot delete data sources from the GUI
- viewing host in new tab - Undefined index: nodeid
- status_fail_date and status_rec_date are set incorrectly after
host is marked down
- Incorrect value in Hosts column on Host Templates page
- Incorrect row number in Devices -> (Edit) page
Tue Jun 16 14:00:00 2015 joop.boonenAATTopensuse.org
- Update to version 0.8.8d
- Fixes [bnc#934187]
- CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities
- feature: Remove un-needed fonts and javascript files
- bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
- bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
- bug#0002391: Odd Behaviour on ReIndex of Data Query Data
- bug#0002393: Broken thumbnail images for graph templates
- bug#0002402: Subtree must not have the same header as the parent header
- bug#0002474: CLI add_device.php does not set availability_method correctly
- bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
- bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
- bug#0002439: Password with special character don't work with LDAP authentication
- bug#0002461: invalid bn with ldap and anonymous bind
- bug#0002465: Graph Export return empty CSV file
- bug#0002484: Incorrect SQL request in cli script repair_database.php
- bug#0002485: Broken pagination on graph viewing
- bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
- bug#0002490: Can not select page for multiple datasources per device
- bug#0002494: CSV export always shows last day
- bug#0002504: Data template search not functional
- bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
- bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
- bug#0002544: Duplicate entry in $nav_url during list view
- bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
- bug#0002572: SQL injection in graph templates
- Renamed two patch files, to a more generic name:
- cacti-0.8.8c-cacti-log-path.patch to cacti-log-path.patch
- cacti-0.8.8c-cacti-script.patch to cacti-script.patch
Mon Dec 8 13:00:00 2014 aldemir.akpinarAATTgmail.com
- Update to version 0.8.8c
- New features
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
- Security fixes
- CVE-2013-5588 - XSS issue via installer or device editing
- CVE-2013-5589 - SQL injection vulnerability in device editing
- CVE-2014-2326 - XSS issue via CDEF editing
- CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
- CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
- CVE-2014-4002 - XSS issues in multiple files
- CVE-2014-5025 - XSS issue via data source editing
- CVE-2014-5026 - XSS issues in multiple files
- Removed cacti-0.8.8b-cacti-log-path.patch as it is incompatible with 0.8.8c.
- Removed cacti-0.8.8b-cacti-script.patch as it is incompatible with 0.8.8c.
- Removed cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch as this code is incorporated into cacti 0.8.8c
- Removed cacti-0.8.8b_security.patch as this code is incorporated into cacti 0.8.8c
- Created cacti-0.8.8c-cacti-log-path.patch so that cacti only logs to /var/log/cacti
- Created cacti-0.8.8c-cacti-script.patch so that cacti uses /usr/share/cacti/scripts
Sun Apr 13 14:00:00 2014 ajAATTajaissle.de
- Add cacti-0.8.8b_security.patch:
- Fixes [bnc#870821]:
- CVE-2014-2326: Unspecified HTML Injection Vulnerability
- Fixes CVE-2014-2328:
- Unspecified Remote Command Execution Vulnerability
- Fixes [bnc#872008]:
- CVE-2014-2708: Unspecified SQL Injection Vulnerability
- CVE-2014-2709: Unspecified Remote Command Execution Vulnerability
- Add cacti-0.8.8b_CVE-2013-5588_CVE-2013-5589.patch:
- Fixes [bnc#837440]:
- CVE-2013-5588: HTML Injection Vulnerability
- CVE-2013-5589: SQL Injection Vulnerability
Sat Apr 12 14:00:00 2014 ajAATTajaissle.de
- Change php requirements to be more general on SUSE systems
[bnc#862993]
Thu Aug 8 14:00:00 2013 joop.boonenAATTopensuse.org
- Update to version 0.8.8b
- bug: Fixed issue with custom data source information being lost when saved from edit
- bug: Repopulate the poller cache on new installations
- bug: Fix issue with poller not escaping the script query path correctly
- bug: Allow snmpv3 priv proto none
- bug: Fix issue where host activate may flush the entire poller item cache
- security: SQL injection and shell escaping issues
Mon Jun 4 14:00:00 2012 aldemir.akpinarAATTairties.com
- Added official cacti 0.8.8a patch
Mon Apr 30 14:00:00 2012 aldemir.akpinarAATTairties.com
- New version 0.8.8a
- Fixed an rpmlint warning
Mon Apr 16 14:00:00 2012 joop.boonenAATTopensuse.org
- Corrected the crontab file for openSUSE >= 12.2
- Some cross distro fixes so plugins will also build for other distros
Tue Apr 10 14:00:00 2012 joop.boonenAATTopensuse.org
- Install cacti in /srv/www/cacti/ from openSUSE 12.2 onwards
- Passed the spec file through spec-cleaner
- Cacti-PA can be removed as cacti includes the Plugin Architecture
Tue Apr 10 14:00:00 2012 aldemir.akpinarAATTairties.com
- Minor changes in the spec file, updated version to 0.8.8
Sun Jan 8 13:00:00 2012 joop.boonenAATTboonen.org
- Reformatted the spec file to the openSUSE standard
Fri Dec 30 13:00:00 2011 aldemir.akpinarAATTairties.com
- Added official settings_checkbox patch
Tue Dec 13 13:00:00 2011 joop.boonenAATTopensuse.org
- Build version 0.8.7i
Tue Oct 4 14:00:00 2011 aldemir.akpinarAATTairties.com
- Upgrade to version 0.8.7h
Fri Jun 10 14:00:00 2011 aldemir.akpinarAATTairties.com
- added 'Provides' to make cactid installable
Sat Jul 10 14:00:00 2010 joop.boonenAATTopensuse.org
- update to cacti-0.8.7g
Sat May 22 14:00:00 2010 joop.boonenAATTopensuse.org
- update to cacti-0.8.7f
Wed Nov 11 13:00:00 2009 joop.boonenAATTopensuse.org
- Added the missing cli directory
Mon Aug 31 14:00:00 2009 joop.boonenAATTopensuse.org
- Minor change in the name of the patch file
Fri Aug 28 14:00:00 2009 puzelAATTnovell.com
- update to cacti-0.8.7e.tar.bz2
- bug#0001044: Creating a DS, Output field can't be selected for
DT with a DIM when "Use Per-Data Source Value" is on
- bug#0001341: SNMP query: add oid_suffix for weird SNMP queries
- bug#0001345: Overwriting $snmp_index in query_snmp_host() breaks
SNMP Data query if using get method
- bug#0001346: Strip out noisy 'No Such Instance currently exists
at this OID'
- bug#0001404: timeout in "function ping_icmp" (lib/ping.php)
- bug#0001405: Spaces in DS when .rrd file is created, so it fails
- bug#0001407: Place graph thumbnail into div to lower page length
changes on load graphs
- bug#0001410: Thumbnail Columns is not honored for host display
with snmp index group style
- bug#0001411: Graph searching issue
- bug#0001413: strip_quotes fails
- bug#0001426: multiple form opening due to bug in draw_edit_form()
- bug#0001436: CSV Export Start Date and End Date are always
1970-01-01 01:00:00
- bug#0001443: format_snmp_string can return a number with a leading space
- bug#0001446: Wrong dates override in CSV export
- bug#0001456: oid_uptime is not parsed correctly
- bug#0001460: Skipping input parameters in data_query_field_list()
may lead to SQL errors
- bug#0001464: Typo in install/index.php
- bug#0001467: Customisable oid index parse regexp for weird MIBs
- bug#0001468: Tree is not expanded correctly
- bug#0001469: Tree is not being expanded if user followed link
outside of cacti
- bug#0001476: Mark stacked columns in rrdtool_function_xport() output
- bug#0001477: Spelling error in a variable in html_tree.php
- bug#0001478: Combo boxes on Graph Management page produce URLs
with leading spaces
- bug: Top Graph Header Breaks When Plugins Used
- bug: SNMP v3 Password issue caused by Firefox's Password AutoFill
- bug: Strip Quotes does not properly handle the value 'U'
- bug: Changes to the graph tree would not show up immediately for
current user
- bzip sources
Mon Jun 15 14:00:00 2009 prusnakAATTsuse.cz
- reverted BuildRequires from libdb-4_5-devel to db-devel
Fri May 22 14:00:00 2009 joop.boonenAATTopensuse.org
- Working with prefix
Sat Apr 25 14:00:00 2009 joop_boonenAATTweb.de
- Updated BuildRequires to libdb-4_5-devel