[Pkg-nagios-devel] Bug#865497: CVE-2017-9781 not yet fixed in 1.2.8p26-1?
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 6 21:28:15 UTC 2017
Control: notfixed -1 1.2.8p26-1
Hi!
On Fri, Oct 06, 2017 at 09:09:03PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the src:check-mk package:
>
> #865497: check-mk: CVE-2017-9781: reflected XSS in webapi.py
I looked up the source for 1.2.8p26-1.
The fix for CVE-2017-9781 is
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
which does not yet seem to be applied to 1.2.8p26-1?
Can you please double-check?
Note, there is a second CVE now for check-mk, that one got addressed
in 1.2.8p26, but it's not clear yet in which version it was
introduced.
Regards,
Salvatore