<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2beca2f63210d78094f9379a4bfdc87663a21a4">e2beca2f</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2018-09-28T21:20:22Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Clarify status for CVE-2014-470{1,3}

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfd15f500c45dcb9546b32e6f62bfd73fd9bc27f">dfd15f50</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2018-09-28T21:33:10Z</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update status for CVE-2014-470{1,2,3}/monitoring-plugins

The issues were fixed differently in the monitoring-plugins codebasis.

Upstream of monitoring-plugins did in the fix decide to drop privileges

before reading file. Thiw as adressed in

https://github.com/monitoring-plugins/monitoring-plugins/commit/48025ff39c3a78b7805bf803ac96730cef53e15c

which is included in the initial upload of monitoring-plugins for

Debian. As such CVE-2014-4703 as well (as being a CVE for an incomplete

fix specifically for nagios-plugins does not affect montoring-plugins)

As a note for people wanting to backport the fixed for nagios-plugins

itself for older versions: For nagios-plugins specifically the fix could

be extracted by the diff of the tarballs for 2.0.1 to 2.0.2 for

CVE-2014-470{1,2} limiting to lib/parse_ini.c and for CVE-2014-4703 for

the changes in lib/parse_ini.c between 2.0.2 and 2.0.3.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/98d59a660ba6d503e25159cc7765c9547a7a7f4d...dfd15f500c45dcb9546b32e6f62bfd73fd9bc27f#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/98d59a660ba6d503e25159cc7765c9547a7a7f4d...dfd15f500c45dcb9546b32e6f62bfd73fd9bc27f">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>