hi ethan, any care to comment on this? i'm really swamped right now and just spent all of last weekend fixing 4 CVEs for mysql, so i would really appreciate it if you (or someone else on the list) could forward me the relevant patch from the 1.x branch if/when it exists so we can prepare an update for the debian sarge and woody packages.
sean

----- Forwarded message from Stefan Fritsch <[EMAIL PROTECTED]> -----

Date: Wed, 10 May 2006 13:23:59 +0200 (CEST)
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in nagios

Package: nagios2
Severity: grave
Justification: user security hole
Tags: security

CVE-2006-2162: Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162

_______________________________________________
Pkg-nagios-devel mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/pkg-nagios-devel

----- End forwarded message -----