
Accepted nagvis 1:1.9.25-2+deb11u1 (source) into oldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 May 2025 00:54:13 +0200
Source: nagvis
Architecture: source
Version: 1:1.9.25-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Changes:
 nagvis (1:1.9.25-2+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer team upload by the Debian LTS team.
   * d/patches/CVE-2021-33178.patch: Add patch to fix CVE-2021-33178.
     - Fix a path traversal vulnerability that can be exploited by a malicious
       actor to arbitrarily delete files on the local system.
   * d/patches/CVE-2022-3979.patch: Add patch to fix CVE-2022-3979.
     - Fix a type juggling vulnerability in cookie hash processing.
   * d/patches/CVE-2022-46945.patch: Add patch to fix CVE-2022-46945.
     - Mitigate an arbitrary file read vulnerability.
   * d/patches/CVE-2023-46287.patch: Add patch to fix CVE-2023-46287.
     - Fix an XSS vulnerability.
   * d/patches/CVE-2024-47093-1.patch, d/patches/CVE-2024-47093-2.patch,
     d/patches/CVE-2024-47093-3.patch, d/patches/CVE-2024-47093-4.patch,
     d/patches/CVE-2024-47093-5.patch: Add patches to fix CVE-2024-13722,
     CVE-2024-13723, and CVE-2024-47093:
     - Fix XSS in std_table.php gadget.
     - Fix potential RCE due to being able to upload malicious maps.
     - Prevent XSS in NagVis.
     - Fix potential RCE due to already uploaded malicious maps by configuring
       authorisation_multisite_file.
     - Fix XSS for malicious graph elements.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
