File _patchinfo of Package patchinfo.4668

<patchinfo incident="4668">
  <packager>AndreasStieger</packager>
  <issue tracker="cve" id="CVE-2015-8369"></issue>
  <issue tracker="cve" id="CVE-2015-8604"></issue>
  <issue tracker="cve" id="CVE-2015-8377"></issue>
  <issue tracker="bnc" id="958863">VUL-0: CVE-2015-8369: cacti: SQL injection in graph.php</issue>
  <issue tracker="bnc" id="960678">VUL-0: CVE-2015-8604: cacti: SQL injection vulnerability in graphs_new.php</issue>
  <issue tracker="bnc" id="958977">VUL-0: CVE-2015-8377: cacti: SQL injection in graphs_new.php</issue>
  <issue tracker="bnc" id="965930">VUL-0: CVE-2016-2313: cacti: Authentication using web authentication as a user not in the cacti database allows complete access</issue>
  <issue tracker="cve" id="CVE-2016-2313"></issue>
  <issue tracker="bnc" id="965864">cacti: poller Script Parser is Broken</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for cacti</summary>
  <description>cacti was updated to fix the following vulnerabilities:

- CVE-2015-8369: SQL injection in graph.php (boo#958863)
- CVE-2015-8604: SQL injection in graphs_new.php (boo#960678)
- CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php (boo#958977)
- CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access (boo#965930)

The following non-security bugs were fixed:

- boo#965864: Poller Script Parser was broken

cacti-spine was updated to match the cacti version, fixing a number of upstream bugs.</description>
</patchinfo>