Ubuntu
cacti package

  1. Bug #1210822
  2. Comment #16

Comment 16 for bug 1210822

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cacti - 0.8.8b+dfsg-8+deb8u1build0.15.04.1

---------------
cacti (0.8.8b+dfsg-8+deb8u1build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian (LP: #1210822)

cacti (0.8.8b+dfsg-8+deb8u1) jessie-security; urgency=high

  * Security update
    - CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti
      before 0.8.8d allows remote attackers to inject arbitrary web script
      or HTML via unspecified vectors.
    - CVE-2015-4342 SQL Injection and Location header injection from cdef
      id
    - CVE-2015-4454 SQL injection vulnerability in the
      get_hash_graph_template function in lib/functions.php in Cacti before
      0.8.8d allows remote attackers to execute arbitrary SQL commands via
      the graph_template_id parameter to graph_templates.php.
    - Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540

 -- Steve Beattie <email address hidden> Tue, 30 Jun 2015 11:47:36 -0700