Your message dated Fri, 13 Mar 2026 03:08:56 +0000
with message-id <[email protected]>
and subject line Bug#1130503: fixed in glances 4.5.1+dfsg-1
has caused the Debian Bug report #1130503,
regarding glances: CVE-2026-30928
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1130503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130503
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glances
Version: 4.3.3+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for glances.
CVE-2026-30928[0]:
| Glances is an open-source system cross-platform monitoring tool.
| Prior to 4.5.1, the /api/4/config REST API endpoint returns the
| entire parsed Glances configuration file (glances.conf) via
| self.config.as_dict() with no filtering of sensitive values. The
| configuration file contains credentials for all configured backend
| services including database passwords, API tokens, JWT signing keys,
| and SSL key passwords. This vulnerability is fixed in 4.5.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-30928
https://www.cve.org/CVERecord?id=CVE-2026-30928
[1] https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6
[2] https://github.com/nicolargo/glances/commit/5d3de603e63f21b0fd6aa2b9da0301f757c33e39
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
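The exposure described in the CVE text above can be checked against a local configuration file. The following is an added example, not part of the bug report and not Glances code: it compares an unfiltered dump of a glances.conf-style file with a redacted one and lists the keys an unfiltered dump would disclose. The sample file, its section and key names, the function names and the key-name pattern are all assumptions made for illustration.

```python
import configparser
import re

# Constructed sample in glances.conf style; sections, keys and values are illustrative.
SAMPLE_CONF = """
[influxdb2]
host = localhost
token = EXAMPLE-TOKEN

[mqtt]
user = glances
password = EXAMPLE-PASSWORD

[webserver]
jwt_secret_key = EXAMPLE-JWT-KEY
ssl_keyfile_password = EXAMPLE-SSL-PASS
"""

# Assumed heuristic: key names that usually hold credentials.
SENSITIVE = re.compile(r"(password|passwd|token|secret|api_?key|private_?key)", re.I)
REDACTED = "********"


def load(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def as_dict_unfiltered(parser):
    """Everything in the file, as a dump with no filtering would return it."""
    return {s: dict(parser.items(s)) for s in parser.sections()}


def as_dict_redacted(parser):
    """Same structure, with values of sensitive-looking keys masked."""
    return {
        s: {k: (REDACTED if SENSITIVE.search(k) else v) for k, v in parser.items(s)}
        for s in parser.sections()
    }


def exposed_keys(parser):
    """Audit helper: (section, key) pairs an unfiltered dump would disclose."""
    return sorted(
        (s, k) for s in parser.sections() for k, _ in parser.items(s)
        if SENSITIVE.search(k)
    )
```

Any value reported by `exposed_keys` for a host that served the affected endpoint should be treated as disclosed and rotated after upgrading.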
--- Begin Message ---
Source: glances
Source-Version: 4.5.1+dfsg-1
Done: Daniel Echeverri <[email protected]>
We believe that the bug you reported is fixed in the latest version of
glances, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Echeverri <[email protected]> (supplier of updated glances package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Mar 2026 19:52:28 -0500
Source: glances
Architecture: source
Version: 4.5.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Echeverri <[email protected]>
Changed-By: Daniel Echeverri <[email protected]>
Closes: 1115361 1130503 1130504
Changes:
 glances (4.5.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 4.5.1+dfsg
     + Fixing CVE-2026-30928 (Closes: #1130503)
     + Fixing CVE-2026-30930 (Closes: #1130504)
   * debian/patches
     + Refresh 004_disable-pypi.patch
     + Refresh 006_indicate_user_webserver_static_files_not_included.patch
     + Refresh 008_fix_lintian_warnings_in_manpage.diff
   * debian/control
     + Drop python-fastapi from Recommends
       it's already in Depends. (Closes: #1115361)
     + Remove redundant Priority and Rules-Requires-Root fields
     + Update standards version to 4.7.3
   * debian/copyright
     + Extend copyright debian holders years
     + Update renamed glances_stdout_api_doc.py pattern
   * debian/watch
     + Update to Version 5
--- End Message ---