-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3295-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cacti CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454 Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. For the oldstable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u5. For the stable distribution (jessie), these problems have been fixed in version 0.8.8b+dfsg-8+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 0.8.8d+ds1-1. We recommend that you upgrade your cacti packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVivszAAoJEAVMuPMTQ89Eq+sP/2jqe/IKVQwUxnJEY1w6hCRY S5kVRgGIW+e6WZnuIqTXWcELC+XhmOWv1F2McC7SJXclV7eMIlae/JwKb47XFVAX 1Nw1NlK+LZlbm23pqTv0ao8a0REhqkhMMENs/Ss1P2QFHxSCAqcoyXQ2wvTLwfXR 8Bm1qV12pHDd0TZG5gInNVncWL13sFIs8Fx0+psLyFa3yh2u5nbylVM2XNa3XTOn YtG4OnWkBrinpXtJ9S3XfF3JTUgMv0WLoK0ZD105GKJnxDWwsalDgFqkInGoYX6R oA/USy1LgX98s19tRKYhgadyl4FcUF62SR6arhPkLQdH3RX8uuZEs8/ozY6u4WSp 24Fsq4x+4M+9tUwNVwOgZ6+pCPkul3tSTfnxE7uao09JCQmD6QuEqbuJObEexnqz xm4JU3d0nXhLl7CGXdgMr4Cs4B+zRW/yCXyBQkbq72BhBPQE/70c1ze+sIdpCJI8 a3seNpa40kvEUQfxin7+itkfJhz2g1beRUsHclSTz8YrBD3iz79hnhlzJPte5H4z WDBXrNkxKnBQMTkhaTufT+NdnlkcxFPbr6HEW70Px/WNPsSca469NGyHy+u9QZM/ oM78VdKjP4AGKzBBY4HYplkbhRAgfF67Wdg0M5GZ8VRuh0knbogeau+srUTj16BO ZUkO3AskyvyalG1tCSsy =OST/ -----END PGP SIGNATURE-----