Your message dated Wed, 13 Feb 2008 23:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#465567: fixed in cacti 0.8.7b-1
has caused the Debian Bug report #465567,
regarding please apply various patches from cacti.net
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
465567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465567
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: cacti
Version: 0.8.7a-2
Severity: grave
Tags: security
Justification: user security hole
as per http://www.ush.it/team/ush/hack-cacti087a/cacti.txt , cacti
currently in sid suffers several security holes, fixed by either 0.8.7b
or by patches published on upstream site.
However, applying the multiple_vulnerabilities-0.8.7a.patch found here
breaks debian version at the chunk @@ -107,6 +107,16 @@, so maybe a
straight 0.8.7b package would be better.
I hope to have some time for looking at it in the afternoon, and attach
a correct patch, if no one will do first.
cheers,
ale
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.7b-1
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:
cacti_0.8.7b-1.diff.gz
to pool/main/c/cacti/cacti_0.8.7b-1.diff.gz
cacti_0.8.7b-1.dsc
to pool/main/c/cacti/cacti_0.8.7b-1.dsc
cacti_0.8.7b-1_all.deb
to pool/main/c/cacti/cacti_0.8.7b-1_all.deb
cacti_0.8.7b.orig.tar.gz
to pool/main/c/cacti/cacti_0.8.7b.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Finney <[EMAIL PROTECTED]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 13 Feb 2008 23:30:31 +0100
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7b-1
Distribution: unstable
Urgency: high
Maintainer: Sean Finney <[EMAIL PROTECTED]>
Changed-By: Sean Finney <[EMAIL PROTECTED]>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Closes: 465567
Changes:
cacti (0.8.7b-1) unstable; urgency=high
.
* New upstream release. Fixes multiple security vulnerabilities (no
CVE references yet). Closes: #465567. Thanks to Alessandro Ogier for
the suggestion about the overzealous PHP_SELF checking.
Files:
194b36f64aa4500b08e54b0c37c51608 576 web extra cacti_0.8.7b-1.dsc
aa8a740a6ab88e3634b546c3e1bc502f 1972444 web extra cacti_0.8.7b.orig.tar.gz
ac2e7f46d20d57c58051c24c7e78dc9a 33284 web extra cacti_0.8.7b-1.diff.gz
e53f9d1d02f86e452d2cc389a72cab90 1850430 web extra cacti_0.8.7b-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD4DBQFHs3rzynjLPm522B0RAkn5AJwIc7BCsoV7kbAK9Ej9XDLQPQXZIgCXXohG
MXVJTAR8bYVE94fP6a+Twg==
=Jv96
-----END PGP SIGNATURE-----
--- End Message ---
