Your message dated Sat, 04 Jun 2011 19:18:52 +0000
with message-id <e1qswn2-0000bc...@franck.debian.org>
and subject line Bug#629127: fixed in nagios3 3.2.3-3
has caused the Debian Bug report #629127,
regarding several XSS issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
629127: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629127
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nagios3
Severity: serious
Tags: security
Hi,
Two XSS issues have been reported for Nagios and Icinga:
CVE-2011-2179: http://tracker.nagios.org/view.php?id=224
CVE-2011-1523: http://tracker.nagios.org/view.php?id=207
Can you please see to it that these are fixed in unstable and testing, and
determine whether an update for (old)stable is also necessary? Please
mention the CVE id's in any changelog entry.
Thanks,
Thijs
--- End Message ---
--- Begin Message ---
Source: nagios3
Source-Version: 3.2.3-3
We believe that the bug you reported is fixed in the latest version of
nagios3, which is due to be installed in the Debian FTP archive:
nagios3-cgi_3.2.3-3_amd64.deb
to main/n/nagios3/nagios3-cgi_3.2.3-3_amd64.deb
nagios3-common_3.2.3-3_all.deb
to main/n/nagios3/nagios3-common_3.2.3-3_all.deb
nagios3-core_3.2.3-3_amd64.deb
to main/n/nagios3/nagios3-core_3.2.3-3_amd64.deb
nagios3-dbg_3.2.3-3_amd64.deb
to main/n/nagios3/nagios3-dbg_3.2.3-3_amd64.deb
nagios3-doc_3.2.3-3_all.deb
to main/n/nagios3/nagios3-doc_3.2.3-3_all.deb
nagios3_3.2.3-3.diff.gz
to main/n/nagios3/nagios3_3.2.3-3.diff.gz
nagios3_3.2.3-3.dsc
to main/n/nagios3/nagios3_3.2.3-3.dsc
nagios3_3.2.3-3_amd64.deb
to main/n/nagios3/nagios3_3.2.3-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 629...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Wirt <formo...@debian.org> (supplier of updated nagios3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 04 Jun 2011 20:22:20 +0200
Source: nagios3
Binary: nagios3-common nagios3-cgi nagios3 nagios3-core nagios3-doc nagios3-dbg
Architecture: source amd64 all
Version: 3.2.3-3
Distribution: unstable
Urgency: high
Maintainer: Debian Nagios Maintainer Group
<pkg-nagios-de...@lists.alioth.debian.org>
Changed-By: Alexander Wirt <formo...@debian.org>
Description:
nagios3 - A host/service/network monitoring and management system
nagios3-cgi - cgi files for nagios3
nagios3-common - support files for nagios3
nagios3-core - A host/service/network monitoring and management system core
file
nagios3-dbg - debugging symbols and debug stuff for nagios3
nagios3-doc - documentation for nagios3
Closes: 629127
Changes:
nagios3 (3.2.3-3) unstable; urgency=high
.
* [9149473] Fix CVE-2011-2179: XSS via expand function in config.cgi
(Closes: #629127).
* [b5f30e1] Fix for CVE-2011-1523: XSS problem in statusmap.cgi (Closes:
#629127)
Checksums-Sha1:
f262c08b7aa0790666d7572daac022f6b5ae68a4 1498 nagios3_3.2.3-3.dsc
97155056932e5f342a58d2edb7755352626e705e 43401 nagios3_3.2.3-3.diff.gz
c2b9304fd5cecd23f9344e48ebc05576ba794761 1569988 nagios3-cgi_3.2.3-3_amd64.deb
0b5b7db147292c2b111bae669ed645492754c929 1432 nagios3_3.2.3-3_amd64.deb
d63d07ef1dcc2e80e886b2a31727636c812f3785 279634 nagios3-core_3.2.3-3_amd64.deb
bad600fe38efc7c91b56028927a826e6c4a20b42 3301310 nagios3-dbg_3.2.3-3_amd64.deb
89ad509e3595c23684add5ff36478454a2be47a2 80072 nagios3-common_3.2.3-3_all.deb
a696462d22c77f546c9d3d71caab11987ac76928 2002512 nagios3-doc_3.2.3-3_all.deb
Checksums-Sha256:
1ffeea67001aa31c524dc46a882a20887bd544d4515ddd669828e7eb016c92e9 1498
nagios3_3.2.3-3.dsc
012cc359a7dc933b87dc0ad27953ca475808ee53aed60a081bb1bf8505acd420 43401
nagios3_3.2.3-3.diff.gz
7f2e30c3ad30aa0e1af0c2fea93b34f40c3b7422494dbdb7bb22da1696239932 1569988
nagios3-cgi_3.2.3-3_amd64.deb
0eb74173dbb1065617d63d7cb343e043bfa971731dfaa71b9068913edef128bf 1432
nagios3_3.2.3-3_amd64.deb
e58fd54baed2f64af8e0475c6770c00a798db3de9fab811afefd9caab8471048 279634
nagios3-core_3.2.3-3_amd64.deb
28a591c585aa4981ac7604c1dd13093ab977efdc18113efc5cd195be6adcf297 3301310
nagios3-dbg_3.2.3-3_amd64.deb
2e7067f3385e4019601deeadc92914e510b5685b80b5cb9f63a51d9b7278afbb 80072
nagios3-common_3.2.3-3_all.deb
9a1f3dd7fd61743c60a6c785d291410b895272be2893e91e4bc00fcb39dd865e 2002512
nagios3-doc_3.2.3-3_all.deb
Files:
268d9f9febf7f644cfcf45a8bc5dd371 1498 net optional nagios3_3.2.3-3.dsc
f25e900c6a8a3dc949fd6dba3b677d67 43401 net optional nagios3_3.2.3-3.diff.gz
b48b745791414e50af549a70d1eddb53 1569988 net optional
nagios3-cgi_3.2.3-3_amd64.deb
0d0e7fd269dbda68700ab0a079f342c3 1432 net optional nagios3_3.2.3-3_amd64.deb
02504807af37cc02d4fae287b9e4950f 279634 net optional
nagios3-core_3.2.3-3_amd64.deb
957ce07165bc88441fac0f33267b3562 3301310 debug extra
nagios3-dbg_3.2.3-3_amd64.deb
1541920ea701d6d25ba372b75450415d 80072 net optional
nagios3-common_3.2.3-3_all.deb
d48834482909fb12257adf40c3212207 2002512 doc optional
nagios3-doc_3.2.3-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3qgP8ACgkQ01u8mbx9AgrXsACgtQh5fV8qDWfHCmJR85taSyA9
ZbkAoMimPWPN93jOcd1W6hAlvezznJwl
=fcqb
-----END PGP SIGNATURE-----
--- End Message ---
