Hi Sebastiaan, On Mon, Sep 14, 2020 at 07:09:05AM +0200, Sebastiaan Couwenberg wrote: > On 9/14/20 6:38 AM, Sebastiaan Couwenberg wrote: > > On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote: > >> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote: > >>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1 > >> > >> This is fixed upstream in: > >> > >> v2.12.0 v2.11.5 v2.11.4 > >> > >> The former is already in experimental, and the 2.11 package in unstable > >> will be updated to .5 to have the fix as well. > > > > icinga2 (2.11.5-1) has been uploaded to unstable. > > The update for buster is also available: > > https://salsa.debian.org/nagios-team/pkg-icinga2/-/commits/buster > > Is it alright to upload the -sa build to security-master?
This is likely a no-dsa candidate, but can you fix the issue via the upcoming point release? The window for uploads should be closing the upcoming weekend for inclusion in 10.6. Regards, Salvatore
