Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1

To: Axel Beckert <abe@debian.org>, 935473@bugs.debian.org
Subject: Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 23 Aug 2019 06:31:02 +0100
Message-id: <[🔎] 94e846ba50ce20a7c03fe6f1ffc57e79e317aaf0.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 935473@bugs.debian.org
In-reply-to: <[🔎] 156651760385.27462.498554586761293783.reportbug@c-cactus2>
References: <[🔎] 156651760385.27462.498554586761293783.reportbug@c-cactus2> <[🔎] 156651760385.27462.498554586761293783.reportbug@c-cactus2>

Control: tags -1 + confirmed

On Fri, 2019-08-23 at 01:46 +0200, Axel Beckert wrote:
> 
> The Debian Security Team decided to not issue a security update for
> these CVE IDs:
> 
> * CVE-2019-13451: service overflows histlogfn in history.c.
> * CVE-2019-13452: service overflows histlogfn in reportlog.c.
> * CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
> * CVE-2019-13274: reflected XSS in csvinfo.c.
> * CVE-2019-13455: htmlquoted(hostname) overflows msgline in
>   acknowledge.c.
> * CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
> * CVE-2019-13485: hostname overflows selfurl in history.c.
> * CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
>   svcstatus.c.
> 
> Hence I propose to do these as a normal stable update.
> 

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
  - From: Axel Beckert <abe@debian.org>

References:
- Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
  - From: Axel Beckert <abe@debian.org>

Prev by Date: NEW changes in oldstable-new
Next by Date: Processed: Re: Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Previous by thread: Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Next by thread: Bug#935473: stretch-pu: package xymon/4.3.28-2+deb9u1
Index(es):
- Date
- Thread