[Pkg-nagios-devel] Bug#970252: Bug#970252: Bug#970252: CVE-2020-14004

Salvatore Bonaccorso carnil at debian.org
Tue Sep 15 05:56:16 BST 2020


Hi Sebastiaan,

On Mon, Sep 14, 2020 at 07:09:05AM +0200, Sebastiaan Couwenberg wrote:
> On 9/14/20 6:38 AM, Sebastiaan Couwenberg wrote:
> > On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote:
> >> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
> >>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
> >>
> >> This is fixed upstream in:
> >>
> >>  v2.12.0 v2.11.5 v2.11.4
> >>
> >> The former is already in experimental, and the 2.11 package in unstable
> >> will be updated to .5 to have the fix as well.
> > 
> > icinga2 (2.11.5-1) has been uploaded to unstable.
> 
> The update for buster is also available:
> 
>  https://salsa.debian.org/nagios-team/pkg-icinga2/-/commits/buster
> 
> Is it alright to upload the -sa build to security-master?

This is likely a no-dsa candidate, but can you fix the issue via the
upcoming point release?

The window for uploads should be closing the upcoming weekend for
inclusion in 10.6.

Regards,
Salvatore



More information about the Pkg-nagios-devel mailing list