Control: notfixed -1 1.2.8p26-1 Hi!
On Fri, Oct 06, 2017 at 09:09:03PM +0000, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the src:check-mk package: > > #865497: check-mk: CVE-2017-9781: reflected XSS in webapi.py I looked up the source for 1.2.8p26-1. The fix for CVE-2017-9781 is http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1 which does not yet seem to be applied to 1.2.8p26-1? Can you please double-check? Note, there is a second CVE now for check-mk, that one got addressed in 1.2.8p26, but it's not clear yet in which version in was introduced. Regards, Salvatore
