[Pkg-nagios-devel] Fixing CVE-2016-9566 in Icinga & Nagios
Sebastiaan Couwenberg
sebastic at xs4all.nl
Fri Dec 23 09:54:42 UTC 2016
On 12/23/2016 10:46 AM, Alexander Wirt wrote:
> On Fri, 23 Dec 2016, Sebastiaan Couwenberg wrote:
>
>> On 12/23/2016 10:32 AM, Alexander Wirt wrote:
>>> On Fri, 23 Dec 2016, Sebastiaan Couwenberg wrote:
>>>> Icinga upstream has released bugfix releases for the various Icinga 1.x
>>>> branches fixing CVE-2016-9566. [0]
>>>>
>>>> I've updated the package to 1.13.4 for unstable, although we can
>>>> consider updating to 1.14.0 too. 1.13.4 was the least invasive choice
>>>> since it only contains the fix for CVE-2016-9566.
>>>
>>> Didn't I asked you NOT to touch icinga?
>>>
>>> We - Markus and I - are part of upstream and will handle those things on our
>>> own.
>>>
>>> I am a little bit annoyed that you touched icinga.
>>
>> Fine, I'll never touch icina again.
>>
>> Very disappointing.
>
> I asked you friendly in advance to talk to use before touching the package
> and you refused that wish. What do you expect?
People being glad to get help.
The fact that the LTS team fixed the CVE before the maintainers is not
encouraging.
The packages maintained by the Nagios team are not in great shape, which
I suspected was caused by the maintainers being too busy with real life
to deal with the packages.
Now I'm starting to think your attitude is scaring away contributors.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
More information about the Pkg-nagios-devel
mailing list