[Pkg-nagios-devel] Bug#714171: security uploads for Bug#714171 (nagios3-cgi: CVE-2013-2214: status.cgi lists unauthorized hosts and services in servicegroup view)

Jonas Meurer jonas at freesources.org
Mon Jul 8 15:17:07 UTC 2013


Hello,

Am 2013-07-03 13:55, schrieb Alexander Wirt:
> Jonas Meurer schrieb am Wednesday, den 03. July 2013:
> 
>> Am 2013-06-27 07:51, schrieb owner at bugs.debian.org:
>> >Source: nagios3
>> >Source-Version: 3.4.1-4
>> >
>> >We believe that the bug you reported is fixed in the latest version of
>> >nagios3, which is due to be installed in the Debian FTP archive.
>> 
>> Thanks for fixing. Do you intend to backport that fix for squeeze
>> and wheezy? I would recommend to do so. If you like, I can prepare a
>> debdiff for both.
> I am currently very short on time, so yes: that would be appreciated.

I just prepared packages for squeeze-security (3.2.1-2+squeeze2 just 
fixing #714171) and wheezy-security (3.4.1-3+wheezy1, fixing #714171 and 
#710356).

Debdiffs are attached. Full package sources and binaries for amd64 can 
be found at http://people.freesources.org/~mejo/nagios3/

I'll happily upload as soon as I've the ok from security team.

Kind regards,
  jonas



More information about the Pkg-nagios-devel mailing list