Overview

File _patchinfo of Package patchinfo.7205

<patchinfo incident="7205">
  <issue id="1054742" tracker="bnc">VUL-0: CVE-2017-12978: cacti: lib/html.php in Cacti before 1.1.18 has XSS via the title field of anexternal link added by an authenticated user.</issue>
  <issue id="1054390" tracker="bnc">VUL-0: CVE-2017-12927: cacti: XSS in methodparameter in spikekill.php.</issue>
  <issue id="2017-12978" tracker="cve" />
  <issue id="2017-12927" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for cacti and cacti-spine fixes security issues and bugs.

The following vulnerabilities were fixed:

* CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390)
* CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742)
    
It also contains all upstream bug fixes and improvements in the 1.1.18 release:

* Sort devices by polling time to allow long running d
* Allow user to hide Graphs from disabled Devices
* Create a separate Realm for Realtime Graphs
* Fix various JavaScript errors
* updated translations
* Can now export Device table results to CSV
* Allow Log Rotation to be other than Daily, and other log rotation improvements
</description>
  <summary>Security update for cacti, cacti-spine</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places