[Secure-testing-commits] r10350 - data/CVE
white at alioth.debian.org
white at alioth.debian.org
Sun Nov 9 09:03:05 UTC 2008
Author: white
Date: 2008-11-09 09:03:03 +0000 (Sun, 09 Nov 2008)
New Revision: 10350
Modified:
data/CVE/list
Log:
nagios CSRF no-dsa after discussion with maintainer, 3 other nagios XSS need evaluation for dsa and then s-p-u notification or dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-08 21:14:17 UTC (rev 10349)
+++ data/CVE/list 2008-11-09 09:03:03 UTC (rev 10350)
@@ -69,6 +69,7 @@
NOT-FOR-US: SonicOS Enhanced
CVE-2008-XXXX [CSRF in nagios]
- nagios3 <unfixed> (low; bug #504894)
+ [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
NOTE: http://secunia.com/Advisories/32543/
TODO: check nagios2
NOTE: this is SA32610,
More information about the Secure-testing-commits
mailing list