Seems like there was some confusion here. CVE-2013-7106 affected Icinga only but CVE-2013-7108 affects both Icinga and Nagios3.
CVE-2013-7108 is still unpatched for Nagios3 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7106 ** Also affects: nagios3 (Ubuntu) Importance: Undecided Status: New ** Description changed: - Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7106 (buffer overflows) + Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7108 (buffer overflows) 1) Description: Ubuntu 12.04.4 LTS Release: 12.04 2) apt-cache policy icinga icinga: - Installed: 1.6.1-2 - Candidate: 1.6.1-2 - Version table: - *** 1.6.1-2 0 - 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1.6.1-2 + Candidate: 1.6.1-2 + Version table: + *** 1.6.1-2 0 + 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages + 100 /var/lib/dpkg/status A lot of info plus patches exist here: https://dev.icinga.org/issues/5251 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1279826 Title: CVE-2013-7108 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279826/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
