Release Notes - 0.8.8h Changelog bug:0002656: Authentication using web authentication as a user not in the cacti database allows complete access (regression) bug:0002667: Cacti SQL Injection Vulnerability bug:0002666: When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck bug:0002673: CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability bug:0002676: Outdated MIBs for non-unicast packets bug:0002677: Index is a MySQL 5.6 reserved word bug:0002681: generate_graph_def_name() generates reserved word "cf"
Arch teams, please test and mark stable: =net-analyzer/cacti-0.8.8h Targeted stable KEYWORDS : alpha amd64 hppa sparc x86 =net-analyzer/cacti-spine-0.8.8h Targeted stable KEYWORDS : amd64 hppa sparc x86
amd64 stable
x86 stable
Stable for HPPA.
Stable on alpha.
Added to existing GLSA.
sparc stable. Maintainer(s), please cleanup.
This issue was resolved and addressed in GLSA 201607-05 at https://security.gentoo.org/glsa/201607-05 by GLSA coordinator Aaron Bauman (b-man).
@maintainer(s), reopening for cleanup. Please clean the vulnerable versions.
Readding SPARC for =net-analyzer/cacti-spine-0.8.8h
(In reply to Jeroen Roovers from comment #10) > Readding SPARC for > > =net-analyzer/cacti-spine-0.8.8h net-analyzer/cacti: sparc stable wrt bug #582996 Agostino Sarubbo, Fri, 8 Jul 2016 06:00, commit d09843a7 Arches and Maintainer(s), Thank you for your work.
Keywords for net-analyzer/cacti-spine: | a a a h i p p s x m a m n r s s | e u s | r | l m r p a p p p 8 i r 6 i i 3 h | a n l | e | p d m p 6 c c a 6 p m 8 o s 9 | p u o | p | h 6 a 4 6 r s 6 k s c 0 | i s t | o | a 4 4 c 4 2 v | e | | | d | -------+---------------------------------+-------+------- 0.8.8e | o + o + o ~ ~ + + o o o o o o o | 5 o 0 | gentoo 0.8.8h | o + o + o ~ ~ ~ + o o o o o o o | 5 o | gentoo
I missed cacti-spine, sorry, I will do it now.
@maintainer(s), while it is not vulnerable it should still be cleaned for consistency and I assume it is obsolete concerning version mismatches: =net-analyzer/cacti-spine-0.8.8e
(In reply to Aaron Bauman from comment #15) > @maintainer(s), while it is not vulnerable it should still be cleaned for > consistency and I assume it is obsolete concerning version mismatches: what?
Tree is clean.