Bug 223756

Summary: net-mgmt/cacti: Update to 1.1.28 [security]
Product: Ports & Packages Reporter: Daniel Austin <freebsd-ports>
Component: Individual Port(s)Assignee: Luca Pizzamiglio <pizzamig>
Status: Closed FIXED    
Severity: Affects Some People CC: pizzamig
Priority: --- Keywords: easy, patch, security
Version: LatestFlags: pizzamig: merge-quarterly+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Update cacti to 1.1.28 freebsd-ports: maintainer-approval+

Description Daniel Austin 2017-11-19 23:19:56 UTC
Created attachment 188128 [details]
Update cacti to 1.1.28

Update cacti to 1.1.28.

This is a security update, so please also merge quarterly.

Committer: Please ignore the portlint warnings about gettext - cacti has internal support for gettext.

This version fixes the following CVE references:

issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions
issue#1066: CVE-2017-16660 in remote_agent.php logging function
issue#1066: CVE-2017-16661 in view log file
issue#1071: CVE-2017-16785 in global_session.php Reflection XSS

Poudriere testport logs for i386/amd64 10.4/11.1 at:

https://poudriere.dan.tm/poudriere/data/latest-per-pkg/cacti/1.1.28/
Comment 1 commit-hook freebsd_committer 2017-11-21 12:02:00 UTC
A commit references this bug:

Author: pizzamig
Date: Tue Nov 21 12:01:23 UTC 2017
New revision: 454600
URL: https://svnweb.freebsd.org/changeset/ports/454600

Log:
  security/vuxml: Document multiple vulnerabilities in net-mgmt/cacti

  PR:		223756
  Reported by:	freebsd-ports@dan.me.uk
  Approved by:	olivier (mentor)
  Security:		CVE-2017-16641
  Security:		CVE-2017-16660
  Security:		CVE-2017-16661
  Security:		CVE-2017-16785

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer 2017-11-21 12:05:05 UTC
A commit references this bug:

Author: pizzamig
Date: Tue Nov 21 12:04:26 UTC 2017
New revision: 454601
URL: https://svnweb.freebsd.org/changeset/ports/454601

Log:
  net-mgmt/cacti: Update to 1.1.28

  PR:		223756
  Submitted by:	freebsd-ports@dan.me.uk (maintainer)
  Approved by:	olivier (mentor)
  MFH:		2017Q4
  Security:	CVE-2017-16641
  Security:	CVE-2017-16660
  Security:	CVE-2017-16661
  Security:	CVE-2017-16785
  Differential Revision:	https://reviews.freebsd.org/D13175

Changes:
  head/net-mgmt/cacti/Makefile
  head/net-mgmt/cacti/distinfo
  head/net-mgmt/cacti/pkg-plist
Comment 3 commit-hook freebsd_committer 2017-11-27 21:01:11 UTC
A commit references this bug:

Author: pizzamig
Date: Mon Nov 27 21:00:16 UTC 2017
New revision: 454992
URL: https://svnweb.freebsd.org/changeset/ports/454992

Log:
  MFH: r454601

  net-mgmt/cacti: Update to 1.1.28

  PR:		223756
  Submitted by:	freebsd-ports@dan.me.uk (maintainer)
  Approved by:	olivier (mentor)
  Security:	CVE-2017-16641
  Security:	CVE-2017-16660
  Security:	CVE-2017-16661
  Security:	CVE-2017-16785
  Differential Revision:	https://reviews.freebsd.org/D13175

  Approved by:	ports-secteam (swills)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/net-mgmt/cacti/Makefile
  branches/2017Q4/net-mgmt/cacti/distinfo
  branches/2017Q4/net-mgmt/cacti/pkg-plist
Comment 4 Luca Pizzamiglio freebsd_committer 2017-11-27 21:43:35 UTC
Committed! Thanks!