Source: nagvis
Version: 1:1.9.46-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: fixed -1 1:1.9.47-1~exp1

Hi,

The following vulnerabilities were published for nagvis. Making the severity RC as the fixes should go into trixie before the trixie release.

CVE-2024-38866[0]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to livestatus injection

CVE-2024-47090[1]:
| Improper neutralization of input in Nagvis before version 1.9.47
| which can lead to XSS

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-38866
    https://www.cve.org/CVERecord?id=CVE-2024-38866
    https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f
[1] https://security-tracker.debian.org/tracker/CVE-2024-47090
    https://www.cve.org/CVERecord?id=CVE-2024-47090
    https://github.com/NagVis/nagvis/commit/5baf87d30175357aaa39e42ff0d99fb0abefbc06

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore