[Git][security-tracker-team/security-tracker][master] 3 commits: Update status for CVE-2013-4215/monitoring-plugins

Fri Sep 28 22:00:29 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9376c9ac by Salvatore Bonaccorso at 2018-09-28T20:58:16Z
Update status for CVE-2013-4215/monitoring-plugins

The contrib/check_ipxping source was removed in upstream release 1.5
(that is before the src:nagios-plugins -> src:monitoring-plugins move)
and the src:monitoring-plugins move never contained an affected version
in consequence before the initial upload to Debian.

Merge thus as well the jessie status in the entry as it is the same for
all suites now.

- - - - -
f609be7e by Salvatore Bonaccorso at 2018-09-28T20:58:16Z
Track fixed verison for CVE-2013-4215/nagios-plugins

1.4.16+git20130902-1 upload to unstable removed contrib/check_ipxping.c
and thus fixing the issue for the source package in Debian.

- - - - -
119e5b06 by Salvatore Bonaccorso at 2018-09-28T20:58:59Z
Remove no-dsa tag for CVe-2017-9868 as fix included in DLA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -68433,7 +68433,6 @@ CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence fi
 	{DLA-1146-1}
 	- mosquitto 1.4.14-1 (bug #865959)
 	[stretch] - mosquitto 1.4.10-3+deb9u1
-	[jessie] - mosquitto <no-dsa> (Minor issue)
 	NOTE: https://github.com/eclipse/mosquitto/issues/468
 	NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
 CVE-2017-9867
@@ -188797,10 +188796,11 @@ CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in ...)
 CVE-2013-4216 (The Trace_OpenLogFile function in ...)
 	- wimax-tools <itp> (bug #627975)
 CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...)
-	- nagios-plugins <removed> (unimportant)
+	- nagios-plugins 1.4.16+git20130902-1 (unimportant)
 	NOTE: vulnerable code present, but check_ipxping is neither built nor installed
-	- monitoring-plugins <undetermined> (unimportant)
-	[jessie] - monitoring-plugins <not-affected> (vulnerable code not present)
+	- monitoring-plugins <not-affected> (Fixed before initial upload to Debian)
+	NOTE: contrib/check_ipxping removed from src:monitoring-pluging before the
+	NOTE: initial upload to Debian after the source package rename.
 CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...)
 	- nagios3 3.5.1-1 (low; bug #719056)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/854124a607ab4c09c8bb576f7f0adc72cfbd53bd...119e5b068476ac0dd1850e2c0938fde14464f414

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/854124a607ab4c09c8bb576f7f0adc72cfbd53bd...119e5b068476ac0dd1850e2c0938fde14464f414
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180928/fc8f93af/attachment-0001.html>
