Overview

File _patchinfo of Package patchinfo.3596

<patchinfo incident="3596">
  <issue id="920399" tracker="bnc">VUL-0: CVE-2014-2327, CVE-2014-4002, CVE-2014-5025, CVE-2014-5026: cacti: fixes multiple vulnerabilities</issue>
  <issue id="CVE-2014-2327" tracker="cve" />
  <issue id="CVE-2014-4002" tracker="cve" />
  <issue id="CVE-2014-5025" tracker="cve" />
  <issue id="CVE-2014-5026" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
cacti was updated to version 0.8.8c [boo#920399]

This update fixes four vulnerabilities and adds some compatible features.
- Security fixes not previously patched:
  - CVE-2014-2326 - XSS issue via CDEF editing
  - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  - CVE-2014-4002 - XSS issues in multiple files
  - CVE-2014-5025 - XSS issue via data source editing
  - CVE-2014-5026 - XSS issues in multiple files
- Security fixes now upstream:
  - CVE-2013-5588 - XSS issue via installer or device editing
  - CVE-2013-5589 - SQL injection vulnerability in device editing

New features:
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere 
</description>
  <summary>Security update for cacti</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places