** Changed in: nagios3 (Ubuntu Zesty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686768
Title:
Restricted contacts can see servers that do not
This bug was fixed in the package nagios3 - 3.5.1.dfsg-2.1ubuntu3.3
---
nagios3 (3.5.1.dfsg-2.1ubuntu3.3) yakkety-security; urgency=medium
* SECURITY REGRESSION: event log cannot open log file (LP: #1690380)
- debian/patches/CVE-2016-9566-regression.patch: relax permissions on
This bug was fixed in the package nagios3 - 3.5.1-1ubuntu1.3
---
nagios3 (3.5.1-1ubuntu1.3) trusty-security; urgency=medium
* SECURITY REGRESSION: event log cannot open log file (LP: #1690380)
- debian/patches/CVE-2016-9566-regression.patch: relax permissions on
log files
This bug was fixed in the package nagios3 - 3.5.1.dfsg-2.1ubuntu1.2
---
nagios3 (3.5.1.dfsg-2.1ubuntu1.2) xenial; urgency=medium
* debian/patches/fix_permissions_for_hostgroups_reports.patch: Fix
permissions for hostgroups reports. Thanks to John C. Frickson
If it was only tested on xenial then the rest has not been yet tested -
switching the tags to show the right state of testing. Someone still
needs to perform the testing on zesty, yakkety and trusty.
** Tags removed: verification-done
** Tags added: verification-done-xenial verification-needed
Under xenial, 3.5.1.dfsg-2.1ubuntu1.2 resolves the issue for me.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686768
Title:
Hello Aaron, or anyone else affected,
Accepted nagios3 into zesty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/nagios3/3.5.1.dfsg-2.1ubuntu5.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hi,
differences I'd expect are down to headers and changelog style but absolutely
good enough IMHO and I totally like how actively you participate.
So I was reviewing the patches are actually the same across all versions (they
are) and giving it a trial build.
Also I saw on my test runs that all
** Patch added: "Patch for Yakkety"
https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1686768/+attachment/4875696/+files/nagios-fix-yakkety.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Patch for Trusty"
https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1686768/+attachment/4875695/+files/nagios-fix-trusty.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Patch for Zesty"
https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1686768/+attachment/4875697/+files/nagios-fix-zesty.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Patch for Xenial"
https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1686768/+attachment/4874912/+files/nagios-fix-xenial.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package nagios3 - 3.5.1.dfsg-2.1ubuntu6
---
nagios3 (3.5.1.dfsg-2.1ubuntu6) artful; urgency=medium
* debian/patches/ubuntu/Fix-permissions-for-Host-Groups-reports.patch: Fix
leaking hosts to restricted contacts as in upstream tracker
Hi Christian, I've added an SRU template to the top of the description,
hope this is sufficient?
I've also joined the #ubuntu-server IRC channel (as aaronr) so if
there's anything further I can do to help push this fix through just let
me know and I'd be happy to do so.
** Description changed:
I ran some extra QA over the fix as I prepared it for Artful and all
tests were good, so pushing there to fix the current development release
- it should be in artful-proposed soon and auto-close here once
(hopefully) migrating cleanly.
>From there as I outlined it is about preparing and
Hi Aaron,
yeah this will be needed throughout all releases with affected versions.
We can't just pick a few or an upgrade e.g. from Xenial to Yakkety would be a
regression.
The first step is to push it to Artful and for that it is fine already.
A backport seems possible, just someone needs the
Hi Christian,
Thanks for the rapid response!
Had a little trouble with using that PPA in the usual fashion as I'm
running Nagios on Xenial and that PPA is for Artful.
That said, I manually downloaded the .deb files for the nagios3-cgi and
nagios3-common packages and installed them under Xenial
Hi Aaron,
thanks for your report and your detailed pre-analysis.
That helps to make Ubuntu better!
I checked and agree that the patch itself is a rather easy backport.
Yet OTOH I'm as far from a nagios expert as I could be.
So for now I created a "what if" build for the current development
Marked this as a security issue as the bug can cause Nagios to leak data
to users who should not see it, if that's wasn't the right thing to do
please feel free to revert that.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
19 matches
Mail list logo
