[Pkg-nagios-devel] Fixing CVE-2016-9566 in Icinga & Nagios
sebastic at xs4all.nl
Fri Dec 23 09:17:34 UTC 2016
Icinga upstream has released bugfix releases for the various Icinga 1.x
branches fixing CVE-2016-9566. 
I've updated the package to 1.13.4 for unstable, although we can
consider updating to 1.14.0 too. 1.13.4 was the least invasive choice
since it only contains the fix for CVE-2016-9566.
That still leaves icinga 1.11.6-1 in jessie and 1.7.1-7 in wheezy to fix.
The LTS team has already fixed nagios3 for wheezy, which leaves
3.5.1.dfsg-2 in jessie and 3.5.1.dfsg-2.2 in stretch affected.
nagios3 3.5.1.dfsg-2.2 should really be removed from testing, but some
reverse dependencies (nagios2mantis specifically) are still preventing
I can prepare security updates for the icinga packages in jessie &
wheezy, as well as the nagios3 packages unless others want to help out
to spread the work.
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
More information about the Pkg-nagios-devel