[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2014-1878,nagios3: Link to fixing commit.

Markus Koschany apo at debian.org
Sun Dec 23 19:22:46 GMT 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
913e7331 by Markus Koschany at 2018-12-23T18:51:26Z
CVE-2014-1878,nagios3: Link to fixing commit.

The fix was done for icinga but also applies to nagios3.

- - - - -
02985f1d by Markus Koschany at 2018-12-23T19:12:44Z
CVE-2013-7108,CVE-2013-7205,nagios3,icinga: Link to fixing commits

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -190149,6 +190149,7 @@ CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cm
 	- icinga 1.10.3-1
 	- nagios3 <removed> (bug #823721)
 	[jessie] - nagios3 <no-dsa> (Minor issue)
+	NOTE: Fixed by https://github.com/Icinga/icinga-core/commit/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
 CVE-2014-1873
 	RESERVED
 CVE-2014-1872
@@ -194301,6 +194302,8 @@ CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
 	[squeeze] - nagios3 <no-dsa> (Minor issue)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	NOTE: additional changed files for nagios3, cf. CVE-2013-7108
+	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
+	NOTE: See also https://github.com/Icinga/icinga-core/issues/1399
 CVE-2013-7203 (gitolite before commit fa06a34 might allow local users to read ...)
 	- gitolite3 3.5.3.1-1
 	NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
@@ -194459,6 +194462,7 @@ CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earli
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	NOTE: https://dev.icinga.org/issues/5251
 	NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
+	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
 CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga ...)
 	{DSA-2956-1}
 	- icinga 1.10.2-1 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/882888961f3ca79281d54842f736ba0ad89ab68f...02985f1d51090dbc8a618e68a2a995b666cb2f4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/882888961f3ca79281d54842f736ba0ad89ab68f...02985f1d51090dbc8a618e68a2a995b666cb2f4b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181223/c54ede03/attachment.html>

More information about the debian-security-tracker-commits mailing list