Hi Henri,
These information are correct, but IMO this situation is not sufficient
to close this bug because the user can activate it by himself and be
exposed to the security hole.
The patch for this issue will reach Sid tonight and I'll see how to
backport it to Wheezy.
Regards,
Carl Chenet
-
On Fri, Jul 12, 2013 at 08:44:00AM +0200, cha...@ohmytux.com wrote:
> Thanks for your bug report, it's appreciated. I was aware of this
> situation and I'm packaging the 0.9.9.1 to solve this issue. Will be
> ready soon.
Please also note comment in security-tracker[1]:
"update checks are disabled
On Thu, 11 Jul 2013 21:20:09 +0300, Henri Salo wrote:
> Package: nagstamon
> Version: 0.9.9-1
> Severity: important
> Tags: security
>
> Nagstamon (prior 0.9.10): Monitor server user credentials exposure in
> automated
> requests to get update information
>
> References:
> http://openwall.com/li
Package: nagstamon
Version: 0.9.9-1
Severity: important
Tags: security
Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated
requests to get update information
References:
http://openwall.com/lists/oss-security/2013/07/11/3
http://nagstamon.ifw-dresden.de/docs/security/
4 matches
Mail list logo
