Hi Salvatore,

Salvatore Bonaccorso wrote:
> According to [1] xymon is vulnerable to ta file deletion
> vulnerability, which I have not further investigated.

Yep, also has been announced upstream and I checked with upstream. All
versions in Debian are said to be vulnerable.

For experimental, the fixed 4.3.12 is already in Git, but not yet
tested and hence not yet uploaded.

>  [1] http://www.securityfocus.com/archive/1/527534/30/0/threaded

I already asked upstream for a CVE id, but they don't have one yet[2].
Can you get one?

[2] http://lists.xymon.com/pipermail/xymon/2013-July/037909.html

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <[email protected]>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to