[Git][security-tracker-team/security-tracker][master] 3 commits: Update status for CVE-2013-4215/monitoring-plugins
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 28 22:00:29 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9376c9ac by Salvatore Bonaccorso at 2018-09-28T20:58:16Z
Update status for CVE-2013-4215/monitoring-plugins
The contrib/check_ipxping source was removed in upstream release 1.5
(that is before the src:nagios-plugins -> src:monitoring-plugins move)
and the src:monitoring-plugins move never contained an affected version
in consequence before the initial upload to Debian.
Merge thus as well the jessie status in the entry as it is the same for
all suites now.
- - - - -
f609be7e by Salvatore Bonaccorso at 2018-09-28T20:58:16Z
Track fixed verison for CVE-2013-4215/nagios-plugins
1.4.16+git20130902-1 upload to unstable removed contrib/check_ipxping.c
and thus fixing the issue for the source package in Debian.
- - - - -
119e5b06 by Salvatore Bonaccorso at 2018-09-28T20:58:59Z
Remove no-dsa tag for CVe-2017-9868 as fix included in DLA
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -68433,7 +68433,6 @@ CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence fi
{DLA-1146-1}
- mosquitto 1.4.14-1 (bug #865959)
[stretch] - mosquitto 1.4.10-3+deb9u1
- [jessie] - mosquitto <no-dsa> (Minor issue)
NOTE: https://github.com/eclipse/mosquitto/issues/468
NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
CVE-2017-9867
@@ -188797,10 +188796,11 @@ CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in ...)
CVE-2013-4216 (The Trace_OpenLogFile function in ...)
- wimax-tools <itp> (bug #627975)
CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...)
- - nagios-plugins <removed> (unimportant)
+ - nagios-plugins 1.4.16+git20130902-1 (unimportant)
NOTE: vulnerable code present, but check_ipxping is neither built nor installed
- - monitoring-plugins <undetermined> (unimportant)
- [jessie] - monitoring-plugins <not-affected> (vulnerable code not present)
+ - monitoring-plugins <not-affected> (Fixed before initial upload to Debian)
+ NOTE: contrib/check_ipxping removed from src:monitoring-pluging before the
+ NOTE: initial upload to Debian after the source package rename.
CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...)
- nagios3 3.5.1-1 (low; bug #719056)
[wheezy] - nagios3 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/854124a607ab4c09c8bb576f7f0adc72cfbd53bd...119e5b068476ac0dd1850e2c0938fde14464f414
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/854124a607ab4c09c8bb576f7f0adc72cfbd53bd...119e5b068476ac0dd1850e2c0938fde14464f414
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180928/fc8f93af/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list