Author: stef-guest Date: 2006-05-20 13:03:00 +0000 (Sat, 20 May 2006) New Revision: 3999 Modified: data/CVE/list Log: nagios issue already fixed in unstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-20 12:08:51 UTC (rev 3998) +++ data/CVE/list 2006-05-20 13:03:00 UTC (rev 3999) @@ -5,8 +5,8 @@ CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...) NOT-FOR-US: Mobotix CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...) - - nagios <unfixed> (high) - - nagios2 <unfixed> (high) + - nagios 2:1.4-1 (bug #366682; bug #366803; high) + - nagios2 2.3-1 (bug #366683; high) CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...) NOT-FOR-US: Spymac CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
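Review bot: On the two `+` lines, the recorded fixed versions read as older than the upstream fix named in the CVE description: `nagios 2:1.4-1` is upstream 1.4 with Debian revision 1, while the description says "Nagios 1.x before 1.4.1", and `nagios2 2.3-1` is easy to misread as an upstream point release. The log message only says "already fixed in unstable", so if the fix went into those uploads through the Debian packaging ahead of an upstream release, say so in a short note on the entry or in the log, next to the bug numbers already listed, so that later readers do not take the versions for typos.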
Florian Weimer
2006-May-23 14:48 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3999 - data/CVE
* Stefan Fritsch:
> nagios issue already fixed in unstable
> CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...) > - - nagios <unfixed> (high) > - - nagios2 <unfixed> (high) > + - nagios 2:1.4-1 (bug #366682; bug #366803; high) > + - nagios2 2.3-1 (bug #366683; high)

Are you sure it's 2.3-1 and not 2.3.1?
Stefan Fritsch
2006-May-23 19:23 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3999 - data/CVE
On Tuesday 23 May 2006 16:48, Florian Weimer wrote:
> * Stefan Fritsch:
> > nagios issue already fixed in unstable
> >
> > CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x > > before 1.4.1 and 2.x ...) - - nagios <unfixed> (high) > > - - nagios2 <unfixed> (high) > > + - nagios 2:1.4-1 (bug #366682; bug #366803; high) > > + - nagios2 2.3-1 (bug #366683; high)
>
> Are you sure it's 2.3-1 and not 2.3.1?

Yes, CVE-2006-2489 was found in the discussion in the Debian bugreports about CVE-2006-2162 and the maintainer included the fix before upstream released it.

Cheers,
Stefan
Florian Weimer
2006-May-27 06:54 UTC
[Secure-testing-team] Re: [Secure-testing-commits] r3999 - data/CVE
* Stefan Fritsch:
> On Tuesday 23 May 2006 16:48, Florian Weimer wrote:
>> * Stefan Fritsch:
>> > nagios issue already fixed in unstable
>> >
>> > CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x >> > before 1.4.1 and 2.x ...) - - nagios <unfixed> (high) >> > - - nagios2 <unfixed> (high) >> > + - nagios 2:1.4-1 (bug #366682; bug #366803; high) >> > + - nagios2 2.3-1 (bug #366683; high)
>>
>> Are you sure it's 2.3-1 and not 2.3.1?
>
> Yes, CVE-2006-2489 was found in the discussion in the Debian
> bugreports about CVE-2006-2162 and the maintainer included the fix
> before upstream released it.

Ah, okay, I was momentarily confused by some lack of maintainer coordination. Thanks for the clarification.