Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Fri, 2018-11-09 at 06:55 +0100, Salvatore Bonaccorso wrote:
> Hi Ludovico,
> 
> On Sat, Feb 10, 2018 at 10:25:47AM +0100, Julien Cristau wrote:
> > Control: tag -1 confirmed
> > 
> > On Mon, Dec 25, 2017 at 21:26:58 +0100, Ludovico Cavedon wrote:
> > 
> > > I would like to submit to your consideration an update to ntopng
> > > in
> > > stretch.
> > > 
> > > The main bug that triggered this upload is #856048, which causes
> > > the
> > > user management and preferences section of the web interface to
> > > be unusuable.
> > > 
> > > The fix is already in version 2.4+dfsg1-4 in unstable.
> > > 
> > > There are three additional important issues from 2.4+dfsg1-4 that
> > > I
> > > think it would make sense to include:
> > > - #859653 which causes ntopng to crash if the mysql backend is
> > > selected.
> > >   This change only affects mysql users. On the other side it is
> > > an
> > >   obvious usage-after-free and out-of-bound memeory access
> > > issues.
> > > - #866721 and #866719, which are securirity-related issues. Do
> > > you want
> > >   me to reach out to the security team about these first? Do we
> > > need to
> > >   treat the whole update as a security one instead, or split it?
> > > 
> > 
> > Assuming this has been properly tested in a stretch environment,
> > please
> > go ahead and upload.
> 
> Friendly ping ;-)

Re-ping.

If nothing happens within a couple of weeks then I plan on closing this
bug.

Regards,

Adam