Hi Axel, On Fri, Jul 26, 2013 at 10:32:30AM +0200, Axel Beckert wrote: > Salvatore Bonaccorso wrote: > > According to [1] xymon is vulnerable to ta file deletion > > vulnerability, which I have not further investigated. > > Yep, also has been announced upstream and I checked with upstream. All > versions in Debian are said to be vulnerable. > > For experimental, the fixed 4.3.12 is already in Git, but not yet > tested and hence not yet uploaded. > > > [1] http://www.securityfocus.com/archive/1/527534/30/0/threaded
Ok, thanks for checking already all versions. > I already asked upstream for a CVE id, but they don't have one yet[2]. > Can you get one? > > [2] http://lists.xymon.com/pipermail/xymon/2013-July/037909.html Yes, just have requested one, see [1]. Will forward to you as soon assigned. If upstream want's to get themself CVE's you can give [2] to them? (Debian can also assing CVE's but only if the issue is not yet public to avoid dublication) [1] http://www.openwall.com/lists/oss-security/2013/07/26/3 [2] https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

