Alexander Wirt schrieb am Friday, den 28. November 2008: Hi,
> unfortunatly Nagios has some security bug which can lead to remote command > execution under some very special circumstances. See [1] for more details. > Upstream released 3.0.5 which addresses this issue and is fixes are very > intrusive and not easy to backport since they change many things in the cgi > (they introduce some kind of session handling) code. I tried to backport it > but failed after a few hours with a big, not working patch. So I decided to > try to get 3.0.5 into debian. The patch is pretty big, but nearly everything > are documentation, bug and security fixes (see the changelog entrys [2]). > > I attached a patch from nagios-3.0.3-4 to nagios-3.0.5-1. If this is not > acceptable for the releaseteam somebody else with more knowledge in C should > provide a proper fix. To get the diff a little bit shorter I removed html/* > and the debian po files from the diff. In the meanwhile 3.0.6 got released with even more security fixes for the cgi parts. I will provide a diff soon and ask for inclusion of 3.0.6 instead of 3.0.5. Thanks Alex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
