white at alioth.debian.org
2008-Nov-09 09:03 UTC
[Secure-testing-commits] r10350 - data/CVE
Author: white Date: 2008-11-09 09:03:03 +0000 (Sun, 09 Nov 2008) New Revision: 10350 Modified: data/CVE/list Log: nagios CSRF no-dsa after discussion with maintainer, 3 other nagios XSS need evaluation for dsa and then s-p-u notification or dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-08 21:14:17 UTC (rev 10349) +++ data/CVE/list 2008-11-09 09:03:03 UTC (rev 10350) @@ -69,6 +69,7 @@ NOT-FOR-US: SonicOS Enhanced CVE-2008-XXXX [CSRF in nagios] - nagios3 <unfixed> (low; bug #504894) + [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) NOTE: http://secunia.com/Advisories/32543/ TODO: check nagios2 NOTE: this is SA32610,