On Tue, 22 Jan 2013, Jonathan Wiltshire wrote: > On 2013-01-20 19:54, Alexander Wirt wrote: > >On Sun, 20 Jan 2013, Moritz Mühlenhoff wrote: > > > >>On Fri, Jan 11, 2013 at 03:56:25PM +0000, Jonathan Wiltshire wrote: > >>> Control: found -1 3.2.1-2 > >>> > >>> On 2013-01-11 13:50, Moritz Muehlenhoff wrote: > >>> >Package: nagios3 > >>> >Severity: grave > >>> >Tags: security > >>> >Justification: user security hole > >>> > > >>> >This was assigned CVE-2012-6096: > >>> > > >>> >http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html > >>> > > >>> >Fix: > >>> > > >>> >http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547 > >>> > >>> I tested against squeeze and reproduced the problem. We use nagios > >>> at work so I'm happy to prepare DSA packages if required. > >> > >>Jonathan, can you prepare packages for stable-security now that > >>we have > >>a final patch? > >We have? We have an icinga patch, its still on my list to check > >the nagios > >patch if it fixes really all problems... > > I'm more than happy to test packages at work and write DSA text and > so on but I don't have the knowledge of nagios to be able to do the > patch preparation. You can go ahead for icinga (I already attached the patch). I'll see about a patch for nagios later in the evening.
Alex -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
