Репозитории ALT
| S: | 1.2.18-alt1 |
| 5.1: | 0.8.7b-alt4 |
| 4.1: | 0.8.7b-alt2 |
| 4.0: | 0.8.6j-alt1 |
Группа :: Мониторинг
Пакет: cacti
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
17 июля 2021 Alexey Shabalin <shaba at altlinux.org> 1.2.18-alt1
- 1.2.18
- Fixes:
+ CVE-2020-35701 SQL Injection was possible due to incorrect validation order
+ CVE-2020-14424 Lack of escaping on file input fields can lead to XSS exposure under midwinter theme
- Fixed merge issue in lib/clog_webapi.php found by Alexander Makeenkov.
- Fixed issues in 1.2.15 release.
- Updated to upstream version 1.2.15 (Fixes: CVE-2020-13230, CVE-2020-13231).
- fix syntax error in include/global.php (thx to vercha@)
- package cacti.sql to doc dir
- 1.2.10
- Fixes:
+ CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
+ CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
+ CVE-2019-16723 Security issue allows to view all graphs
+ CVE-2020-7106 Lack of escaping on some pages can lead to XSS exposure
+ CVE-2020-7237 Remote Code Execution due to input validation failure in Performance Boost Debug Log
+ CVE-2020-8813 When guest users have access to realtime graphs, remote code could be executed
- 1.2.3
- 1.2.2
- drop php5 package, php7 package merge with main
- 1.2.0
- 1.0.3
- add php7 subpackage
- 0.8.8h
- fixed CVE-2014-2326,CVE-2014-2327,CVE-2014-2328,CVE-2014-5025,
CVE-2014-5026,CVE-2014-4002,CVE-2013-5588,CVE-2013-5589,
CVE-2015-4342,CVE-2015-4634,CVE-2015-8377,CVE-2015-8604,
CVE-2016-3659
- fixed:
+ CVE-2014-2326 Unspecified HTML Injection Vulnerability
+ CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
+ CVE-2014-2709 shell escaping issues in lib/rrd.php
+ CVE-2014-2708 SQL injection issues in graph_xport.php
- 0.8.8b
- 0.8.8a
- 0.8.8
- add official patch settings_checkbox.patch
- 0.8.7i
- 0.8.7h
- add official patches:
+ Fix issue with multi selection data source deactivation
+ Graph List View Searching
+ Repair various interface display issues
+ Fix LDAP authenication with group restrictions enabled
+ Update script server to properly process command line arguments that are quoted
+ Fixes issue with Cacti ping library
+ Fixes issue with 1 minute polling with 1 minute rra
- fix url_path in config.php
- 0.8.7g
- 0.8.7f:
+ SQL injection and shell escaping issues reported by Bonsai Information Security
+ Cross-site scripting issues reported by VUPEN Security
+ MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
+ Fixed various issues with exporting and importing templates that contain special characters
+ Fixed condition that could cause RRDtool to segfault
+ Many fixes to html generation and presentation
- Adding official patch to fix sql vulnerability
- fix permition /var/lib/cacti
- add cacti/plugins/index.php
- 0.8.7e
- poller:
+ in sbin
+ no hide of errors in cron
+ use exec to avoid /bin/sh in process table - cacti in /usr/share
- log in /var/log/cacti
- triggerpostun for migration
- add cacti user to _webserver group
- Fix simlink /var/www/html/cacti/docs -> /usr/share/doc/cacti-doc-0.8.7b (Thanks at@)
- Remove package cacti-config-php
- Add new subpackage cacti-doc
- Convert spec to UTF8
- Add official patche reset_each_patch
- Add official patches
- Fix url_path in include/global.php
- Join sql scripts to one
- Add link to docs
- Add README_ALT.txt
- Add version-release to Requires: cacti-config
- Add Conflicts: cacti-config-php to cacti-config-php5
- Add Conflicts: cacti-config-php5 to cacti-config-php
- New version
- Update cacti-plugin-arch
- New version
- Remove all patches (in upstream)
- Add official patches:
+ cacti-1.2.18-thumbnail_graphs_not_working.patch
+ cacti-1.2.18-graph_debug_lockup_fix.patch - Add net-snmp-utils in Requires
- New version
- Add official patches:
+ cacti-1.2.18-ping_php_version4_snmpgetnext.patch
+ cacti-1.2.18-tree_console_missing_hosts.patch - Add cacti-plugin-arch
- Separate cactid in own package
- Add BuildArch: noarch (#10675)
- Add /etc/cron.d/cacti
- Add virtual packages for different depends
- Security fixes (CVE-2006-6799)
- New version
- Spec cleanups
- config.php was marked as config with noreplace
- Fixed BuildRequires
- New version
- Spec cleanups
- Many critical security bugfixes in upstream
- Spec fixes (now daemon and main module may have different versions)
- New version
- Removed BuildArch tag because our rpm doesn't support multiple buildarch's
in one spec ;-( Now php stuff has i586 arch ;-)
- Spec fixups (correct %setup macroses)
- Spec update (information for upgrade)
- New upstream version (has many new features)
- Russian translation for spec
- cactid now in separated package
- spec cleanups (permissions, path)
- Added missing buildrequires (libssl and other)
- New version
- New build
- Removed redundant docs from /var/www/html/cacti
- Added -M to useradd to skip homedir skeleton
- First alpha build for Sisyphus. All works, but...;-)