[ubuntu/zesty-proposed] nagios3 3.5.1.dfsg-2.1ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Apr 3 07:09:08 UTC 2017 

nagios3 (3.5.1.dfsg-2.1ubuntu5) zesty; urgency=medium

  * SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
    - debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
      in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
      cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
      cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
      contrib/daemonchk.c.
    - CVE-2013-7108
    - CVE-2013-7205
  * SECURITY UPDATE: DoS via long message to cmd.cgi
    - debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
    - CVE-2014-1878
  * SECURITY UPDATE: symlink attack on log file
    - debian/patches/CVE-2016-9566.patch: safely handle log file in
      base/logging.c.
    - CVE-2016-9566

Date: Fri, 31 Mar 2017 15:20:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/nagios3/3.5.1.dfsg-2.1ubuntu5
-------------- next part --------------
Format: 1.8
Date: Fri, 31 Mar 2017 15:20:50 -0400
Source: nagios3
Binary: nagios3-common nagios3-cgi nagios3 nagios3-core nagios3-doc nagios3-dbg
Architecture: source
Version: 3.5.1.dfsg-2.1ubuntu5
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 nagios3    - host/service/network monitoring and management system
 nagios3-cgi - cgi files for nagios3
 nagios3-common - support files for nagios3
 nagios3-core - host/service/network monitoring and management system core files
 nagios3-dbg - debugging symbols and debug stuff for nagios3
 nagios3-doc - documentation for nagios3
Changes:
 nagios3 (3.5.1.dfsg-2.1ubuntu5) zesty; urgency=medium
 .
   * SECURITY UPDATE: off-by-one errors leading to DoS or info disclosure
     - debian/patches/CVE-2013-7xxx.patch: fix off-by-ones and check length
       in cgi/avail.c, cgi/cmd.c, cgi/config.c, cgi/extinfo.c,
       cgi/histogram.c, cgi/notifications.c, cgi/outages.c, cgi/status.c,
       cgi/statusmap.c, cgi/statuswml.c, cgi/summary.c, cgi/trends.c,
       contrib/daemonchk.c.
     - CVE-2013-7108
     - CVE-2013-7205
   * SECURITY UPDATE: DoS via long message to cmd.cgi
     - debian/patches/CVE-2014-1878.patch: check len in cgi/cmd.c.
     - CVE-2014-1878
   * SECURITY UPDATE: symlink attack on log file
     - debian/patches/CVE-2016-9566.patch: safely handle log file in
       base/logging.c.
     - CVE-2016-9566
Checksums-Sha1:
 40e670d89924c8179f53e872b1d6dd7f66c67035 2481 nagios3_3.5.1.dfsg-2.1ubuntu5.dsc
 3763a25353e08587b9bfdd3881d0fb9a83789866 75544 nagios3_3.5.1.dfsg-2.1ubuntu5.debian.tar.xz
Checksums-Sha256:
 647e0acdf72d12865c1e0f5b5c9fd59d8f239e2f0d5cc4e9ef4abf4408f8de40 2481 nagios3_3.5.1.dfsg-2.1ubuntu5.dsc
 d8a866ed6f43f44d22a50cd3d26cafe335dd53c2d9f10a1e14934ad1a643512c 75544 nagios3_3.5.1.dfsg-2.1ubuntu5.debian.tar.xz
Files:
 52030ab4304b73756a1f939de606df12 2481 net optional nagios3_3.5.1.dfsg-2.1ubuntu5.dsc
 4ad6f8999c209336562d35df5185da23 75544 net optional nagios3_3.5.1.dfsg-2.1ubuntu5.debian.tar.xz
Original-Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel at lists.alioth.debian.org>

More information about the Zesty-changes mailing list