On Mon, Aug 19, 2019 at 02:27:09PM +0200, Hugo Lefeuvre wrote: > Hi, > > I just had a look at xymon's vulnerabilities in jessie, stretch and buster. > > Upstream claims some of these issues to be exploitable, among others the XSS > vulnerability. I plan to address at least this one in jessie. > > I see that Moritz and Axel already discussed this on upstream's mailing list, > however the tracker has not been updated yet. Is anybody working on it? If > not, > I can take some time to do it.
These are scheduled via the next 9.10 and 10.1 point releases, but it seems we missed to mark it as no-dsa yet, I'll fix that in a bit. Cheers, Moritz