Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Ludovico,

On Sat, Feb 10, 2018 at 10:25:47AM +0100, Julien Cristau wrote:
> Control: tag -1 confirmed
> 
> On Mon, Dec 25, 2017 at 21:26:58 +0100, Ludovico Cavedon wrote:
> 
> > I would like to submit to your consideration an update to ntopng in
> > stretch.
> > 
> > The main bug that triggered this upload is #856048, which causes the
> > user management and preferences section of the web interface to
> > be unusuable.
> > 
> > The fix is already in version 2.4+dfsg1-4 in unstable.
> > 
> > There are three additional important issues from 2.4+dfsg1-4 that I
> > think it would make sense to include:
> > - #859653 which causes ntopng to crash if the mysql backend is selected.
> >   This change only affects mysql users. On the other side it is an
> >   obvious usage-after-free and out-of-bound memeory access issues.
> > - #866721 and #866719, which are securirity-related issues. Do you want
> >   me to reach out to the security team about these first? Do we need to
> >   treat the whole update as a security one instead, or split it?
> > 
> Assuming this has been properly tested in a stretch environment, please
> go ahead and upload.

Friendly ping ;-)

Regards,
Salvatore