[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xymon vulnerabilities in jessie, stretch and buster


> > Anyways, 4.3.29 introduced quite a few regressions[0], we should probably wait
> > for 4.3.30.
> I would neither upload 4.3.29 nor 4.3.30 to Jessie but only the
> minimal patch plus the hostname regex regression patch as I do for
> Stretch and Buster.

Thanks! I have backported your stretch update, currently testing it.

> Also someone needs first to verify that the Xymon upstream version in
> Jessie (IIRC 4.3.17) is actually vulnerable. Upstream didn't specify
> if any version before 4.3.28 is affected, too.

I did not reproduce the issue, but the vulnerable code is present.


                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: