[Pkg-nagios-devel] Bug#865497: CVE-2017-9781 not yet fixed in 1.2.8p26-1?

Salvatore Bonaccorso carnil at debian.org
Fri Oct 6 21:28:15 UTC 2017


Control: notfixed -1 1.2.8p26-1

Hi!

On Fri, Oct 06, 2017 at 09:09:03PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the src:check-mk package:
> 
> #865497: check-mk: CVE-2017-9781: reflected XSS in webapi.py

I looked up the source for 1.2.8p26-1.

The fix for CVE-2017-9781 is 

http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1

which does not yet seem to be applied to 1.2.8p26-1?

Can you please double-check?


Note, there is a second CVE now for check-mk, that one got addressed
in 1.2.8p26, but it's not clear yet in which version it was
introduced.

Regards,
Salvatore


