[Pkg-nagios-devel] Bug#742689: check-mk: more CVE info

Potter, Tim (Cloud Services) timothy.potter at hp.com
Fri Mar 13 22:41:41 UTC 2015


On Fri, 09 Jan 2015 12:09:46 -0800 Matt Taggart <taggart at debian.org> wrote:

> Most of the links on
>  https://security-tracker.debian.org/tracker/CVE-2014-2330
>  https://security-tracker.debian.org/tracker/CVE-2014-2331
>
> don't give any info, the RedHat link is for the full set of things and
> it's not clear to me if they fixed these explicitly. Maybe the brief
> descriptions on the packetstormsecurity will be enough for someone
> on the security team to determine if there is anything to be done.

Hi Matt.  The RedHat link has since been updated to say that CVE-2014-2330 and CVE-2014-2331 are cross-site scripting issues and are fixed in versions 1.2.2p3 and 1.2.3i5.


Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20150313/370ac2ea/attachment.sig>


More information about the Pkg-nagios-devel mailing list