[Pkg-nagios-devel] Bug#714171: security uploads for Bug#714171 (nagios3-cgi: CVE-2013-2214: status.cgi lists unauthorized hosts and services in servicegroup view)

Salvatore Bonaccorso carnil at debian.org
Wed Jul 10 09:06:17 UTC 2013


Hello Jonas

On Mon, Jul 08, 2013 at 05:21:07PM +0200, Jonas Meurer wrote:
> Hello,
> 
> On 2013-07-03 13:55, Alexander Wirt wrote:
> >Jonas Meurer wrote on Wednesday, 03 July 2013:
> >
> >>On 2013-06-27 07:51, owner at bugs.debian.org wrote:
> >>>Source: nagios3
> >>>Source-Version: 3.4.1-4
> >>>
> >>>We believe that the bug you reported is fixed in the latest version of
> >>>nagios3, which is due to be installed in the Debian FTP archive.
> >>
> >>Thanks for fixing. Do you intend to backport that fix for squeeze
> >>and wheezy? I would recommend to do so. If you like, I can prepare a
> >>debdiff for both.
> >I am currently very short on time, so yes: that would be appreciated.
> 
> I just prepared packages for squeeze-security (3.2.1-2+squeeze2 just
> fixing #714171) and wheezy-security (3.4.1-3+wheezy1, fixing #714171
> and #710356).

Thanks for preparing updates!

Note that this issue is marked 'no-dsa' in the tracker[1], meaning
it's not planned to release a DSA for it. Could you contact stable
release managers[2] for having the fixes included through a
proposed-updates (both for squeeze and wheezy)?

[I see the second debdiff for wheezy also includes a further change, so
this will also need an ack from the stable release managers.]

 [1] https://security-tracker.debian.org/tracker/CVE-2013-2214
 [2] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Hope that helps,

Regards,
Salvatore


