Re: xymon vulnerabilities in jessie, stretch and buster

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: Hugo Lefeuvre <hle@debian.org>, team@security.debian.org, debian-lts@lists.debian.org, abe@debian.org, myon@debian.org
Subject: Re: xymon vulnerabilities in jessie, stretch and buster
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 20 Aug 2019 13:55:52 +0100
Message-id: <[🔎] 1af7a93319d2382265562601fa577c28@mail.adam-barratt.org.uk>
In-reply-to: <[🔎] 20190819195405.GA1699@pisco.westfalen.local>
References: <[🔎] 20190819122709.xwr3b4odkavpa4ug@behemoth.owl.eu.com.local> <[🔎] 20190819195405.GA1699@pisco.westfalen.local>

On 2019-08-19 20:54, Moritz Mühlenhoff wrote:

On Mon, Aug 19, 2019 at 02:27:09PM +0200, Hugo Lefeuvre wrote:
Hi,
I just had a look at xymon's vulnerabilities in jessie, stretch andbuster.
Upstream claims some of these issues to be exploitable, among othersthe XSS
vulnerability. I plan to address at least this one in jessie.
I see that Moritz and Axel already discussed this on upstream'smailing list,however the tracker has not been updated yet. Is anybody working onit? If not,
I can take some time to do it.
These are scheduled via the next 9.10 and 10.1 point releases, but itseems
we missed to mark it as no-dsa yet, I'll fix that in a bit.

There doesn't appear to be a request for either a buster or stretchupdate yet, for the record.


Regards,

Adam

Reply to:

Follow-Ups:
- Re: xymon vulnerabilities in jessie, stretch and buster
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- xymon vulnerabilities in jessie, stretch and buster
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: xymon vulnerabilities in jessie, stretch and buster
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Bug#935082: openjdk-7: Missed sun.security.ec package
Next by Date: Re: xymon vulnerabilities in jessie, stretch and buster
Previous by thread: Re: xymon vulnerabilities in jessie, stretch and buster
Next by thread: Re: xymon vulnerabilities in jessie, stretch and buster
Index(es):
- Date
- Thread