[Pkg-nagios-devel] Bug#697930: Bug#697930: Bug#697930: nagios3: CVE-2012-6096

Alexander Wirt formorer at debian.org
Tue Jan 22 15:49:25 UTC 2013


On Tue, 22 Jan 2013, Jonathan Wiltshire wrote:

> On 2013-01-20 19:54, Alexander Wirt wrote:
> >On Sun, 20 Jan 2013, Moritz Mühlenhoff wrote:
> >
> >>On Fri, Jan 11, 2013 at 03:56:25PM +0000, Jonathan Wiltshire wrote:
> >>> Control: found -1 3.2.1-2
> >>>
> >>> On 2013-01-11 13:50, Moritz Muehlenhoff wrote:
> >>> >Package: nagios3
> >>> >Severity: grave
> >>> >Tags: security
> >>> >Justification: user security hole
> >>> >
> >>> >This was assigned CVE-2012-6096:
> >>> >
> >>> >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html
> >>> >
> >>> >Fix:
> >>> >
> >>> >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
> >>>
> >>> I tested against squeeze and reproduced the problem. We use nagios
> >>> at work so I'm happy to prepare DSA packages if required.
> >>
> >>Jonathan, can you prepare packages for stable-security now that
> >>we have
> >>a final patch?
> >We have? We have an icinga patch, its still on my list to check
> >the nagios
> >patch if it fixes really all problems...
> 
> I'm more than happy to test packages at work and write DSA text and
> so on but I don't have the knowledge of nagios to be able to do the
> patch preparation.
You can go ahead for icinga (I already attached the patch). I'll see about a
patch for nagios later in the evening.

Alex



More information about the Pkg-nagios-devel mailing list