Faidon Liambotis <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #8 from Faidon Liambotis <> ---
Yes, there are security issues with Icinga that forced us to lock it down
temporarily back in December 12th.

These are CVE-2013-7106, CVE-2013-7107 & CVE-2013-7108. They are still unfixed
in Ubuntu precise (LTS); Icinga is in the universe section, so the Ubuntu
security team deals with them on a "best effort" basis (i.e. they might not
even update it, at all).

The vulnerability status per Ubuntu distribution can be tracked at:
respectively. Note how they decided to ignore the first one (a CSRF), which
shows IMHO a poor judgement from their part.

I don't think we can take the time to do a major Icinga version upgrade right
now, nor to backport the fixes ourselves. Our current strategy is "wait for
Ubuntu", but if anyone wants to help the backporting process (and optionally
engage with the Ubuntu security team so others can benefit from that) that'd be

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to