[Pkg-nagios-devel] Bug#579067: nagios3-doc: nagios web pages embed images from external http sites

Jameson Graef Rollins jrollins at finestructure.net
Sat Apr 24 23:39:30 UTC 2010 

Package: nagios3-doc
Version: 3.0.6-4~lenny2
Severity: normal
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The nagios web front page (main.html) embeds an image from an external
http site (sourceforge).  This is quite problematic for systems that
wish to provide their nagios web pages over https.  This causes
warnings to users that access the site over https that there is
non-https information embeded.  It can be an information leak as well.
The nagios web pages should therefore not embed any source from
external sites.

I believe this may only affect nagios3 for lenny, as I don't see any
external source embedding in the pages provided by nagios3-doc for
squeeze.

Including a patch to remove the offending source below.

Thanks so much for maintaining nagios.

jamie.

- --- /usr/share/nagios3/htdocs/main.html.old     2010-04-24 19:09:11.000000000 -0400
+++ /usr/share/nagios3/htdocs/main.html         2010-04-24 19:09:26.000000000 -0400
@@ -78,10 +78,6 @@
 </div> 
 </p>
 
- -<div align="center">
- -<a href="http://sourceforge.net/projects/nagios"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=26589&amp;type=2" width="125" height="37" border="0" alt="SourceForge.net Logo" /></a>
- -</div>
- -
 <div align="center" CLASS="disclaimer">
 <br />
 Nagios and the Nagios logo are trademarks, servicemarks, registered trademarks or registered servicemarks owned by Nagios Enterprises, LLC.<br />

- -- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJL04EuAAoJEO00zqvie6q8yxgQAK+eIVNsLzkdoUga/1ZfPMs1
VJ99kqDD0UUHgNpUsYn0FA8jGjg3BeR17FsfecW7+qhRt1+5UGd8VeWhamSmJwlX
VTCCTkCmbmhmNgCCrVOvh20gGpn6aUz0Su312wPf5X2x4DB1sDAKw5Lcw9o6HKrW
fHJ9XHZy518HGVGiHHsa4rWWn0Xs4j3TVgqPVdMG2T6vAJVTz+VG2I9Pg0tqgCoU
M4xH5d6PGO6g1UbGC18wyydJpnEprk840AOl/E0EaqsPkf7ZdJ2jVv7M0augioqC
i/GSBWhvzEq0LjkJLLmc7tpTGAqdrfUHl6CCSEjKSayz7+Xy2PJWqndx5FeuRHA6
v4hgreU7P4gSzJE4reouKSjKjUfZGgu1ubLyW1+EZvbUv+8OxDDy5iuLT7skVavM
JUyG5KYvw1isnQYJLCwcpPg2k8kFBy9WnHUtmn+8z/tjzXjdJ+PArUeHXcYj96+c
RQ/DWdpwjxR6zgDa0W4sSQAbFFBOhLJHRtn5Tr4jBvwy1eMYRSC9oGLcCHSULQ0U
dSrdtgo6RyossT/LcdcFY0KR5OIbhxCmweG19S135YTeSY43qg8wX0c+xsVqLk7I
GXdFAbalCU5iWdV393YcBUOBZp1OHflHpsD3c/dPCfxSc7tYoU4LD4dLp+ig0WEa
Z9itIoqYzZC0U8Y5Wa1h
=rr0V
-----END PGP SIGNATURE-----

More information about the Pkg-nagios-devel mailing list