Hi Russell,
On Fri, May 22, 2026 at 09:39:42PM +1000, Russell Stuart wrote:
> Attached is a debdiff update for nagios4 in trixie addressing the
> CSRF vulnerability in cmd.cgi reported in #1136340. No CVE has been
> assigned upstream.
The diff looks fine, we can fix this is a DSA, can you please build
this with -sa and upload to security-master? (ftp.d.o and security.d.o
don't share tarballs). Did you have a chance to test this?
Bookworm is also still supported for one more month, but both seem
to use 4.4.6, so can you also prepare the same diff as 4.4.6-4+deb12u1
and also upload to security-master?
Cheers,
Moritz
