Re: Upcoming upload for nagios-3.0.5

To: debian-release@lists.debian.org
Subject: Re: Upcoming upload for nagios-3.0.5
From: Alexander Wirt <formorer@formorer.de>
Date: Tue, 2 Dec 2008 13:17:59 +0100
Message-id: <[🔎] 20081202121758.GA20620@apu.snow-crash.org>
In-reply-to: <20081128212058.GT20620@apu.snow-crash.org>
References: <20081128212058.GT20620@apu.snow-crash.org>

Alexander Wirt schrieb am Friday, den 28. November 2008:

Hi, 

> unfortunatly Nagios has some security bug which can lead to remote command
> execution under some very special circumstances. See [1] for more details. 
> Upstream released 3.0.5 which addresses this issue and is fixes are very
> intrusive and not easy to backport since they change many things in the cgi
> (they introduce some kind of session handling) code. I tried to backport it
> but failed after a few hours with a big, not working patch. So I decided to
> try to get 3.0.5 into debian. The patch is pretty big, but nearly everything
> are documentation, bug and security fixes (see the changelog entrys [2]). 
> 
> I attached a patch from nagios-3.0.3-4 to nagios-3.0.5-1. If this is not
> acceptable for the releaseteam somebody else with more knowledge in C should
> provide a proper fix. To get the diff a little bit shorter I removed html/*
> and the debian po files from the diff. 
In the meanwhile 3.0.6 got released with even more security fixes for the
cgi parts. I will provide a diff soon and ask for inclusion of 3.0.6 instead
of 3.0.5.

Thanks
Alex

Reply to:

Follow-Ups:
- Re: Upcoming upload for nagios-3.0.5
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: Please unblock linux-2.6/2.6.26-11, linux-modules-extra-2.6/2.6.26-5, redhat-cluster/2.20081102-1
Next by Date: Re: Request for freeze exception: apt-cacher-ng
Previous by thread: Re: Please unblock linux-2.6/2.6.26-11, linux-modules-extra-2.6/2.6.26-5, redhat-cluster/2.20081102-1
Next by thread: Re: Upcoming upload for nagios-3.0.5
Index(es):
- Date
- Thread