On 2019-08-19 20:54, Moritz Mühlenhoff wrote:
On Mon, Aug 19, 2019 at 02:27:09PM +0200, Hugo Lefeuvre wrote:
Hi,
I just had a look at xymon's vulnerabilities in jessie, stretch and
buster.
Upstream claims some of these issues to be exploitable, among others
the XSS
vulnerability. I plan to address at least this one in jessie.
I see that Moritz and Axel already discussed this on upstream's
mailing list,
however the tracker has not been updated yet. Is anybody working on
it? If not,
I can take some time to do it.
These are scheduled via the next 9.10 and 10.1 point releases, but it
seems
we missed to mark it as no-dsa yet, I'll fix that in a bit.
There doesn't appear to be a request for either a buster or stretch
update yet, for the record.
Regards,
Adam
