Your message dated Thu, 30 Jan 2020 21:17:36 +0000
with message-id <[email protected]>
and subject line Bug#941895: fixed in monit 1:5.20.0-6+deb9u1
has caused the Debian Bug report #941895,
regarding monit: invalid CSRF check causes login issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
941895: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941895
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: monit
Version: 1:5.20.0-6
Severity: normal
Tags: upstream fixed-upstream
Forwarded: https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check
Hi,
monit upstream fixed a bug with invalid CSRF checking in cookies
(https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check).
One effect of that bug is that when administering multiple servers using
monit's web interface, it is necessary to clear existing cookies before
one can log into another server (especially when there is a mixture of
jessie, stretch and buster machines involved).
Another is that other services on the same host can set cookies which
are presented before the monit cookie, and so a similar problem is caused.
Please consider backporting this fix to stretch in the next oldstable
point release. I haven't investigated whether it is the sole change in
5.21 or whether it would have to be cherry-picked.
Thanks,
--
Jonathan Wiltshire
Red Hat Certified Engineer (#170-281-083)
Tiger Computing Ltd
ISO27001:2017 Certified
Tel: 01600 483 484
Web: https://www.tiger-computing.co.uk
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
Wyastone Leys, Monmouth, NP25 3SR
--- End Message ---
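Added example, not part of the bug report and not monit's code: a position-dependent cookie lookup next to a position-independent one, showing why a cookie set by another service ahead of the token cookie makes the CSRF check fail. The cookie name `csrftoken`, the double-submit comparison and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_COOKIE "csrftoken"   /* hypothetical cookie name, not taken from monit */
typedef int (*lookup_fn)(const char *hdr, const char *name, char *out, size_t cap);

/* Copy a value that runs up to the next ';' into out; 0 if it does not fit. */
static int copy_value(const char *v, char *out, size_t cap) {
    size_t len = strcspn(v, ";");
    if (len >= cap) return 0;
    memcpy(out, v, len);
    out[len] = '\0';
    return 1;
}

/* Position-dependent: only matches when the cookie is first in the header. */
int lookup_first(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    if (strncmp(hdr, name, n) != 0 || hdr[n] != '=') return 0;
    return copy_value(hdr + n + 1, out, cap);
}

/* Position-independent: examine every ';'-separated name=value pair. */
int lookup_any(const char *hdr, const char *name, char *out, size_t cap) {
    size_t n = strlen(name);
    for (const char *p = hdr; *p; p += strcspn(p, ";")) {
        while (*p == ';' || *p == ' ' || *p == '\t') p++;   /* skip separators */
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return copy_value(p + n + 1, out, cap);
    }
    return 0;
}

/* Accept only if the submitted token equals the cookie token (assumed
 * double-submit scheme); the comparison does not exit early on a mismatch. */
int csrf_ok(const char *cookie_hdr, const char *submitted, lookup_fn lookup) {
    char tok[128];
    if (!lookup(cookie_hdr, TOKEN_COOKIE, tok, sizeof tok) || tok[0] == '\0') return 0;
    size_t n = strlen(tok);
    if (strlen(submitted) != n) return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(tok[i] ^ submitted[i]);
    return diff == 0;
}

int main(void) {   /* constructed header: another service's cookie comes first */
    const char *hdr = "othersession=zzz; csrftoken=abc123";
    printf("first-only: %d, any-position: %d\n",
           csrf_ok(hdr, "abc123", lookup_first), csrf_ok(hdr, "abc123", lookup_any));
    return 0;
}
```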
--- Begin Message ---
Source: monit
Source-Version: 1:5.20.0-6+deb9u1
We believe that the bug you reported is fixed in the latest version of
monit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergey B Kirpichev <[email protected]> (supplier of updated monit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Oct 2019 15:47:31 +0300
Source: monit
Binary: monit
Architecture: source
Version: 1:5.20.0-6+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Sergey B Kirpichev <[email protected]>
Changed-By: Sergey B Kirpichev <[email protected]>
Description:
monit - utility for monitoring and managing daemons or similar programs
Closes: 941895
Changes:
monit (1:5.20.0-6+deb9u1) stretch; urgency=medium
.
* Implement position independent CSRF cookie value (Closes: #941895).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---