Your message dated Sun, 28 Oct 2007 15:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#448372: fixed in nagios-plugins 1.4.8-2.2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nagios-plugins
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for nagios-plugins.
CVE-2007-5623[0]:
| Buffer overflow in the check_snmp function in Nagios Plugins
| (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of
| service (crash) via crafted snmpget replies.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpmJRmHSDHLm.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: nagios-plugins
Source-Version: 1.4.8-2.2
We believe that the bug you reported is fixed in the latest version of
nagios-plugins, which is due to be installed in the Debian FTP archive:
nagios-plugins-basic_1.4.8-2.2_i386.deb
to pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.8-2.2_i386.deb
nagios-plugins-standard_1.4.8-2.2_i386.deb
to pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.8-2.2_i386.deb
nagios-plugins_1.4.8-2.2.diff.gz
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2.diff.gz
nagios-plugins_1.4.8-2.2.dsc
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2.dsc
nagios-plugins_1.4.8-2.2_all.deb
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated nagios-plugins package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 28 Oct 2007 16:15:54 +0100
Source: nagios-plugins
Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard
Architecture: source i386 all
Version: 1.4.8-2.2
Distribution: unstable
Urgency: high
Maintainer: Debian Nagios Maintainer Group <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
nagios-plugins - Plugins for the nagios network monitoring and management
system
nagios-plugins-basic - Plugins for the nagios network monitoring and
management system
nagios-plugins-standard - Plugins for the nagios network monitoring and
management system
Closes: 447639 448372
Changes:
nagios-plugins (1.4.8-2.2) unstable; urgency=high
.
* Non-maintainer upload by testing-security team.
* Fix remote DoS which can be triggered by a remote attacker
via crafted snmpget replies (CVE-2007-5623) (Closes: #448372).
* Modifying CVE-2007-5198 patch since it is incomplete (Closes: #447639).
Files:
e9795908f2573f9c674b9f19d31cf4f0 1027 net extra nagios-plugins_1.4.8-2.2.dsc
889b0744088016aaaa34a02df7b1b37c 25740 net extra
nagios-plugins_1.4.8-2.2.diff.gz
84f91b4e85ea982bb59e1fd3168a7c73 89568 net extra
nagios-plugins_1.4.8-2.2_all.deb
473e3564967d15829fc878eb9660b135 347900 net extra
nagios-plugins-basic_1.4.8-2.2_i386.deb
354f3eabf4fa35b34a20a589457e10bf 188914 net extra
nagios-plugins-standard_1.4.8-2.2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHJKz8HYflSXNkfP8RAlLPAJ4/SpPrjbvwJFvFkuFS5CMZO8P6OwCdGeyB
1cio4Fz5xqTZNFnAhmj5sMU=
=ZtNu
-----END PGP SIGNATURE-----
--- End Message ---
