Release Notes - 0.8.8h
bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression)
bug:0002667: Cacti SQL Injection Vulnerability
bug:0002666: When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck
bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability
bug:0002676: Outdated MIBs for non-unicast packets
bug:0002677: Index is a MySQL 5.6 reserved word
bug:0002681: generate_graph_def_name() generates reserved word "cf"
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 hppa sparc x86
Targeted stable KEYWORDS : amd64 hppa sparc x86
Stable for HPPA.
Stable on alpha.
Added to existing GLSA.
Maintainer(s), please cleanup.
This issue was resolved and addressed in
GLSA 201607-05 at https://security.gentoo.org/glsa/201607-05
by GLSA coordinator Aaron Bauman (b-man).
@maintainer(s), reopening for cleanup. Please clean the vulnerable versions.
Readding SPARC for
(In reply to Jeroen Roovers from comment #10)
> Readding SPARC for
net-analyzer/cacti: sparc stable wrt bug #582996
Agostino Sarubbo, Fri, 8 Jul 2016 06:00, commit d09843a7
Arches and Maintainer(s), Thank you for your work.
Keywords for net-analyzer/cacti-spine:
| a a a h i p p s x m a m n r s s | e u s | r
| l m r p a p p p 8 i r 6 i i 3 h | a n l | e
| p d m p 6 c c a 6 p m 8 o s 9 | p u o | p
| h 6 a 4 6 r s 6 k s c 0 | i s t | o
| a 4 4 c 4 2 v | e |
| | d |
0.8.8e | o + o + o ~ ~ + + o o o o o o o | 5 o 0 | gentoo
0.8.8h | o + o + o ~ ~ ~ + o o o o o o o | 5 o | gentoo
I missed cacti-spine, sorry, I will do it now.
@maintainer(s), while it is not vulnerable it should still be cleaned for consistency and I assume it is obsolete concerning version mismatches:
(In reply to Aaron Bauman from comment #15)
> @maintainer(s), while it is not vulnerable it should still be cleaned for
> consistency and I assume it is obsolete concerning version mismatches:
Tree is clean.