Hi Axel,

On Fri, Jul 26, 2013 at 10:32:30AM +0200, Axel Beckert wrote:
> Salvatore Bonaccorso wrote:
> > According to [1] xymon is vulnerable to ta file deletion
> > vulnerability, which I have not further investigated.
> 
> Yep, also has been announced upstream and I checked with upstream. All
> versions in Debian are said to be vulnerable.
> 
> For experimental, the fixed 4.3.12 is already in Git, but not yet
> tested and hence not yet uploaded.
> 
> >  [1] http://www.securityfocus.com/archive/1/527534/30/0/threaded

Ok, thanks for checking already all versions.

> I already asked upstream for a CVE id, but they don't have one yet[2].
> Can you get one?
> 
> [2] http://lists.xymon.com/pipermail/xymon/2013-July/037909.html

Yes, just have requested one, see [1]. Will forward to you as soon
assigned. If upstream want's to get themself CVE's you can give [2] to
them? (Debian can also assing CVE's but only if the issue is not yet
public to avoid dublication)

 [1] http://www.openwall.com/lists/oss-security/2013/07/26/3
 [2] https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to