Your message dated Sun, 28 Oct 2007 15:47:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#448372: fixed in nagios-plugins 1.4.8-2.2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: nagios-plugins Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for nagios-plugins. CVE-2007-5623[0]: | Buffer overflow in the check_snmp function in Nagios Plugins | (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of | service (crash) via crafted snmpget replies. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgpmJRmHSDHLm.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: nagios-plugins Source-Version: 1.4.8-2.2 We believe that the bug you reported is fixed in the latest version of nagios-plugins, which is due to be installed in the Debian FTP archive: nagios-plugins-basic_1.4.8-2.2_i386.deb to pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.8-2.2_i386.deb nagios-plugins-standard_1.4.8-2.2_i386.deb to pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.8-2.2_i386.deb nagios-plugins_1.4.8-2.2.diff.gz to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2.diff.gz nagios-plugins_1.4.8-2.2.dsc to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2.dsc nagios-plugins_1.4.8-2.2_all.deb to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <[EMAIL PROTECTED]> (supplier of updated nagios-plugins package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 28 Oct 2007 16:15:54 +0100 Source: nagios-plugins Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard Architecture: source i386 all Version: 1.4.8-2.2 Distribution: unstable Urgency: high Maintainer: Debian Nagios Maintainer Group <[EMAIL PROTECTED]> Changed-By: Nico Golde <[EMAIL PROTECTED]> Description: nagios-plugins - Plugins for the nagios network monitoring and management system nagios-plugins-basic - Plugins for the nagios network monitoring and management system nagios-plugins-standard - Plugins for the nagios network monitoring and management system Closes: 447639 448372 Changes: nagios-plugins (1.4.8-2.2) unstable; urgency=high . * Non-maintainer upload by testing-security team. * Fix remote DoS which can be triggered by a remote attacker via crafted snmpget replies (CVE-2007-5623) (Closes: #448372). * Modifying CVE-2007-5198 patch since it is incomplete (Closes: #447639). Files: e9795908f2573f9c674b9f19d31cf4f0 1027 net extra nagios-plugins_1.4.8-2.2.dsc 889b0744088016aaaa34a02df7b1b37c 25740 net extra nagios-plugins_1.4.8-2.2.diff.gz 84f91b4e85ea982bb59e1fd3168a7c73 89568 net extra nagios-plugins_1.4.8-2.2_all.deb 473e3564967d15829fc878eb9660b135 347900 net extra nagios-plugins-basic_1.4.8-2.2_i386.deb 354f3eabf4fa35b34a20a589457e10bf 188914 net extra nagios-plugins-standard_1.4.8-2.2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHJKz8HYflSXNkfP8RAlLPAJ4/SpPrjbvwJFvFkuFS5CMZO8P6OwCdGeyB 1cio4Fz5xqTZNFnAhmj5sMU= =ZtNu -----END PGP SIGNATURE-----
--- End Message ---