[Pkg-nagios-devel] Bug#865497: CVE-2017-9781 not yet fixed in 1.2.8p26-1?

Salvatore Bonaccorso carnil at debian.org
Fri Oct 6 21:28:15 UTC 2017

Control: notfixed -1 1.2.8p26-1


On Fri, Oct 06, 2017 at 09:09:03PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the src:check-mk package:
> #865497: check-mk: CVE-2017-9781: reflected XSS in webapi.py

I looked up the source for 1.2.8p26-1.

The fix for CVE-2017-9781 is 


which does not yet seem to be applied to 1.2.8p26-1?

Can you please double-check?

Note, there is a second CVE now for check-mk, that one got addressed
in 1.2.8p26, but it's not clear yet in which version in was


More information about the Pkg-nagios-devel mailing list