[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xymon vulnerabilities in jessie, stretch and buster


Hugo Lefeuvre wrote:
> Anyways, 4.3.29 introduced quite a few regressions[0], we should probably wait
> for 4.3.30.

I would neither upload 4.3.29 nor 4.3.30 to Jessie but only the
minimal patch plus the hostname regex regression patch as I do for
Stretch and Buster.

Also someone needs first to verify that the Xymon upstream version in
Jessie (IIRC 4.3.17) is actually vulnerable. Upstream didn't specify
if any version before 4.3.28 is affected, too.

		Regards, Axel
 ,''`.  |  Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Reply to: