[Pkg-nagios-devel] Bug#1087384: Bug#1087384: CVE-2024-49369: Security: fix TLS certificate validation bypass.

Sebastiaan Couwenberg sebastic at xs4all.nl
Fri Nov 15 04:12:08 GMT 2024


On 11/14/24 9:05 PM, Louis-Philippe Véronneau wrote:
> I think this bug should be reopen and a security upload should be made ASAP to fix this critical issue.

It's not that critical, to quote the security tracker:

"
  [bookworm] - icinga2 <no-dsa> (Will be fixed via point release; Only affects deployments with access to Icinga API via client certificates)
"

The bookworm-pu has been submitted:

  https://bugs.debian.org/1087411

You can build the bookworm branch yourself if you want to deploy the fix sooner:

  https://salsa.debian.org/nagios-team/icinga2/-/tree/bookworm?ref_type=heads

Kind Regards,

Bas

-- 
  GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



More information about the Pkg-nagios-devel mailing list