[Pkg-nagios-devel] Fixing CVE-2016-9566 in Icinga & Nagios
Sebastiaan Couwenberg
sebastic at xs4all.nl
Fri Dec 23 09:17:34 UTC 2016
Hi all,
Icinga upstream has released bugfix releases for the various Icinga 1.x
branches fixing CVE-2016-9566. [0]
I've updated the package to 1.13.4 for unstable, although we can
consider updating to 1.14.0 too. 1.13.4 was the least invasive choice
since it only contains the fix for CVE-2016-9566.
That still leaves icinga 1.11.6-1 in jessie and 1.7.1-7 in wheezy to fix.
The LTS team has already fixed nagios3 for wheezy, which leaves
3.5.1.dfsg-2 in jessie and 3.5.1.dfsg-2.2 in stretch affected.
nagios3 3.5.1.dfsg-2.2 should really be removed from testing, but some
reverse dependencies (nagios2mantis specifically) are still preventing
that. [1][2]
I can prepare security updates for the icinga packages in jessie &
wheezy, as well as the nagios3 packages unless others want to help out
to spread the work.
[0] https://security-tracker.debian.org/tracker/CVE-2016-9566
[1]
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=nagios3-rm;users=pkg-nagios-devel@lists.alioth.debian.org
[2] https://release.debian.org/britney/update_output.txt
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
More information about the Pkg-nagios-devel
mailing list