From owner-freebsd-ports-bugs@freebsd.org Sun Jul 19 23:44:12 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 201702] net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634)
Date: Sun, 19 Jul 2015 23:44:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201702

Bug ID: 201702
Summary: net-mgmt/cacti: Multiple XSS and SQL injection vulnerabilities (CVE-2015-4634)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: jason.unovitch@gmail.com
CC: freebsd-ports@dan.me.uk
Flags: maintainer-feedback?(freebsd-ports@dan.me.uk)

Maintainer of net-mgmt/cacti,

Cacti 0.8.8e was released featuring multiple security fixes.

Release Notes - 0.8.8e

Important Security Fixes
    Multiple XSS and SQL injection vulnerabilities
    CVE-2015-4634 - SQL injection in graphs.php

Changelog
    bug: Fixed issue with graph zooming failing to work
    bug: Fixed various SQL Injection vectors
    bug#0002569: Impossible to have a URL pointing directly to a graph
    bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
    bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
    bug#0002579: SQL Injection Vulnerabilities in data sources
    bug#0002580: SQL Injection in cdef.php
    bug#0002582: SQL Injection in data_templates.php
    bug#0002583: SQL Injection in graph_templates.php
    bug#0002584: SQL Injection in host_templates.php
    bug#0002586: Cannot delete data sources from the GUI
    bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
    bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
    bug#0002597: Incorrect value in Hosts column on Host Templates page
    bug#0002598: Incorrect row number in Devices -> (Edit) page