Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1
Hi Ludovico,
On Sat, Feb 10, 2018 at 10:25:47AM +0100, Julien Cristau wrote:
> Control: tag -1 confirmed
>
> On Mon, Dec 25, 2017 at 21:26:58 +0100, Ludovico Cavedon wrote:
>
> > I would like to submit to your consideration an update to ntopng in
> > stretch.
> >
> > The main bug that triggered this upload is #856048, which causes the
> > user management and preferences section of the web interface to
> > be unusuable.
> >
> > The fix is already in version 2.4+dfsg1-4 in unstable.
> >
> > There are three additional important issues from 2.4+dfsg1-4 that I
> > think it would make sense to include:
> > - #859653 which causes ntopng to crash if the mysql backend is selected.
> > This change only affects mysql users. On the other side it is an
> > obvious usage-after-free and out-of-bound memeory access issues.
> > - #866721 and #866719, which are securirity-related issues. Do you want
> > me to reach out to the security team about these first? Do we need to
> > treat the whole update as a security one instead, or split it?
> >
> Assuming this has been properly tested in a stretch environment, please
> go ahead and upload.
Friendly ping ;-)
Regards,
Salvatore
Reply to: