On Fri, May 12, 2006 at 06:24:21AM +0200, Martin Schulze wrote: > Please let me know the version in sid that will have this problem > fixed once you know it.
for nagios 1.x: 1.4-1 (or 2:1.4-1, since there's an epoch i guess)
for nagios 2.x: 2.3-1
both are recently uploaded.
i've made a diff.gz of the sarge version available at:
http://people.debian.org/~seanius/nagios/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz
though there's no difference wrt your patch other than cosmetics and
different dpatch names. also, there is a
http://people.debian.org/~seanius/nagios/CVE-2006-2162.sh
which is a quick PoC i threw together to test the cgi's from the
cmdline.
sean
signature.asc
Description: Digital signature
