Your message dated Fri, 07 Dec 2007 00:17:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445475: fixed in nagios-plugins 1.4.10-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nagios-plugins
Severity: grave
Tags: security
Justification: user security hole
Hi

The following CVE[0] has been issued against nagios-plugins.

CVE-2007-5198:
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via
long Location header responses (redirects).

Could you please investigate this?
Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198
--- End Message ---
--- Begin Message ---
Source: nagios-plugins
Source-Version: 1.4.10-1
We believe that the bug you reported is fixed in the latest version of
nagios-plugins, which is due to be installed in the Debian FTP archive:

nagios-plugins-basic_1.4.10-1_amd64.deb
  to pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.10-1_amd64.deb
nagios-plugins-standard_1.4.10-1_amd64.deb
  to pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.10-1_amd64.deb
nagios-plugins_1.4.10-1.diff.gz
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.10-1.diff.gz
nagios-plugins_1.4.10-1.dsc
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.10-1.dsc
nagios-plugins_1.4.10-1_all.deb
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.10-1_all.deb
nagios-plugins_1.4.10.orig.tar.gz
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.10.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sean Finney <[EMAIL PROTECTED]> (supplier of updated nagios-plugins package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 07 Dec 2007 00:55:42 +0100
Source: nagios-plugins
Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard
Architecture: source amd64 all
Version: 1.4.10-1
Distribution: unstable
Urgency: low
Maintainer: Debian Nagios Maintainer Group <[EMAIL PROTECTED]>
Changed-By: Sean Finney <[EMAIL PROTECTED]>
Description:
 nagios-plugins - Plugins for the nagios network monitoring and management system
 nagios-plugins-basic - Plugins for the nagios network monitoring and management system
 nagios-plugins-standard - Plugins for the nagios network monitoring and management system
Closes: 445475 447639 448372 449671 453012
Changes:
 nagios-plugins (1.4.10-1) unstable; urgency=low
 .
   * new upstream
     - fixes CVE-2007-5198 (closes: #445475, #447639), thanks Steffen Joeris
       and Nico Golde for NMU.
     - fix for negate which may break existing commands:
         stop evaluating command line options through shell twice
         enforce a full path for the command to run
   * add interface check with exclude to ifstatus.cfg
   * add ssh check with possibility of port specification to ssh.cfg
   * included fix for watch file provided by Raphael Geissert, thanks (closes:
     #449671).
   * include fix for several typos provided by Luca Falavigna, thanks (closes:
     #453012).
   * merge changes from and ack NMU. Thanks Nico Golde (closes: #448372).
   * Don't ignore errors from make clean
   * Bump standards version to 3.7.3
   * added Vcs- fields and Homepage into source header's field
   * modify 00list so 06_checkircd.dpatch can get patched in
   * removed libsnmp5-dev as dependency option and turned around order of
     libsnmp9-dev and libsnmp-dev, since only libsnmp-dev is in unstable and
     libsnmp9-dev in stable
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHWI2AynjLPm522B0RAmxtAJ9ceXbnUn6qf4ju7oCFaEul8v/nQgCfVQOV
h6ivMA2p8ul/E8BowckZfMs=
=Ven4
-----END PGP SIGNATURE-----
--- End Message ---