[Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

Thijs Kinkhorst thijs at debian.org
Sat Feb 23 16:00:56 UTC 2013

On Sat, February 23, 2013 15:41, Salvatore Bonaccorso wrote:
> Hi Alex
> On Sat, Feb 23, 2013 at 01:17:03PM +0100, Alexander Wirt wrote:
>> On Sat, 23 Feb 2013, Salvatore Bonaccorso wrote:
>> > Hi Alex, Hi Thijs
>> >
>> > I was looking trough the bugs for nagios-nrpe, and noticed #547092
>> > where there was an upload to address it, but the bug was not closed.
>> >
>> > I wondered if this was intentional, als the original issue is "only"
>> > addressed by making clear in the documentation where the issues are.
>> imho the ssl is still borken, so I think the upload does not close the
>> problem, per se.
>> There is no real solution to this problem without rewriting the whole
>> ssl
>> support - which makes our nrpe incompatible to the rest of the world.
> Thanks. Maybe we can ask for a 'wheezy-ignore' by the release team for
> this bug, with given explanation? In any case it would be good to get
> the documentation update into wheezy (but this could go into testing
> in one 'batch' with #701227).
> Thanks a lot for your work on nagios related packages.

As explained earlier in the bug log I believe that the documentation
change is the best option we have as there's no feasible way to path the
SSL support in Debian on our own. Having the documentation fixed will warn
people against using this option and reduces this bug from RC to the
specific broken functionality.

I've asked the release team to unblock the documentation fix.


More information about the Pkg-nagios-devel mailing list