Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1
Control: tag -1 confirmed
On Mon, Dec 25, 2017 at 21:26:58 +0100, Ludovico Cavedon wrote:
> I would like to submit to your consideration an update to ntopng in
> stretch.
>
> The main bug that triggered this upload is #856048, which causes the
> user management and preferences section of the web interface to
> be unusuable.
>
> The fix is already in version 2.4+dfsg1-4 in unstable.
>
> There are three additional important issues from 2.4+dfsg1-4 that I
> think it would make sense to include:
> - #859653 which causes ntopng to crash if the mysql backend is selected.
> This change only affects mysql users. On the other side it is an
> obvious usage-after-free and out-of-bound memeory access issues.
> - #866721 and #866719, which are securirity-related issues. Do you want
> me to reach out to the security team about these first? Do we need to
> treat the whole update as a security one instead, or split it?
>
Assuming this has been properly tested in a stretch environment, please
go ahead and upload.
Cheers,
Julien
Reply to: