Debian Bug report logs -
#968833
CVE-2020-24368
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
:
Bug#968833
; Package icingaweb2
.
(Fri, 21 Aug 2020 21:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
.
(Fri, 21 Aug 2020 21:21:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: icingaweb2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
This was assigned CVE-2020-24368:
https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/
https://github.com/Icinga/icingaweb2/issues/4226
Cheers,
Moritz
Reply sent
to Bas Couwenberg <sebastic@debian.org>
:
You have taken responsibility.
(Sat, 22 Aug 2020 06:06:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Sat, 22 Aug 2020 06:06:03 GMT) (full text, mbox, link).
Message #10 received at 968833-close@bugs.debian.org (full text, mbox, reply):
Source: icingaweb2
Source-Version: 2.8.2-1
Done: Bas Couwenberg <sebastic@debian.org>
We believe that the bug you reported is fixed in the latest version of
icingaweb2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 968833@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bas Couwenberg <sebastic@debian.org> (supplier of updated icingaweb2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Aug 2020 07:16:12 +0200
Source: icingaweb2
Architecture: source
Version: 2.8.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebastic@debian.org>
Closes: 968833
Changes:
icingaweb2 (2.8.2-1) unstable; urgency=high
.
* Team upload.
* New upstream release.
- Fixes CVE-2020-24368.
(closes: #968833)
* Update uglifyjs options for 3.10.1.
* Update lintian overrides.
Checksums-Sha1:
6c0c26d9f2a7c3ca6f9a757e6177b34cb5e18dc0 2354 icingaweb2_2.8.2-1.dsc
6220132866baf03bef0e532cf232a2ea8b3d2252 8514166 icingaweb2_2.8.2.orig.tar.gz
d2826ed318878deb3e6f5c3273a1d45d4eb64f86 12824 icingaweb2_2.8.2-1.debian.tar.xz
8a375731dd01a60f4f6dcda2e748a0087212436e 8357 icingaweb2_2.8.2-1_amd64.buildinfo
Checksums-Sha256:
52f12aeb1b6b0768fcb64b31075c4b498adad3ac2243da8a3a1da98229a0c5b0 2354 icingaweb2_2.8.2-1.dsc
47d64bc4eeb574ca4ca2f765866a1612ed885d47d53cb3e7dc19adeb10b2b3db 8514166 icingaweb2_2.8.2.orig.tar.gz
789856ff7f97ed2da73a22bd9f2acdf34884307cc0f5729d2f8d72ea7d25cf98 12824 icingaweb2_2.8.2-1.debian.tar.xz
4e73e489b71bc6f080a2c8beb1cbf3d4fc17f009565bc25e9197d88942959f28 8357 icingaweb2_2.8.2-1_amd64.buildinfo
Files:
1ce76448dacfa23a5779a7f1e3313024 2354 admin optional icingaweb2_2.8.2-1.dsc
a6574b5f5f0af00bb1f4c53ff4322fe3 8514166 admin optional icingaweb2_2.8.2.orig.tar.gz
e6bfbc0454efd4604531c12795cb507c 12824 admin optional icingaweb2_2.8.2-1.debian.tar.xz
763b05c7251457eb46af1169d039df2c 8357 admin optional icingaweb2_2.8.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEgYLeQXBWQI1hRlDRZ1DxCuiNSvEFAl9AsHAACgkQZ1DxCuiN
SvGEOxAAuWs4QL1TCgRKmfBeL8gnMmE+mCeqTbcNjU0I83tTevGhd/jPzrxOVq7T
ygHE846mRe1q156uVC7dX4PCl6jem/A9vxsAEteTWvztDQppD2V63cjbDFr4jZRH
GebSvMZnvJsY7p7CdqX3+MHbTATUgj6VHAS5rtp08ciotBQj9bTZEdqWsR3IoMDD
o7e0DihHvk0amoOU2uzxpEYxowTQlHdsszyeXPf5Z7IRVX7u95hN+zAfNajE+NQa
15jxVKN40P6mAx8McDPSqFRVXj/NcSkFckdXwTdZSqQ1ilhqh917stYAGDdFcpKT
lmzXl2h6thO/eldLtPwxilcjdBdn9q/7xUoiNvkSIhucJaZqb4w+wwQzDFhEdr16
ElgcjSy8OGhCgKnjBy2aDr+BuOeBJ2H/Ub3r9Cm6yqCDujN1xGMSwzgQ58il9ZTi
N1WhQ3oLZMGbCHBtbnhK2OeJF3sJfzvOHkAb5cSs77ZpPmUHA4MgdHGHh++GCAU+
Q6aJDpTq4dFKXRJBk1ho9Dv2creh4Yt01+1exvfMxUXYtOo1ryDRctZ1ojFce9u2
r7CBDl6QePLtYbmETvydxJKFK4cfsuBtKGYdaHiuVQJZu9M3ZTSDXg7JuVLHsL1R
WRYvy+5mcl/FHR8zdBmxArRRJIRfQR50blIMkREbp6KTlBtbUcY=
=N5W4
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
:
Bug#968833
; Package icingaweb2
.
(Sat, 22 Aug 2020 06:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastiaan Couwenberg <sebastic@xs4all.nl>
:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
.
(Sat, 22 Aug 2020 06:09:03 GMT) (full text, mbox, link).
Message #15 received at 968833@bugs.debian.org (full text, mbox, reply):
Control: tags -1 pending
Hi Moritz,
This is fixed in icingaweb2 (2.8.2-1) which was just uploaded to unstable.
I've also prepared an update for buster, see:
https://salsa.debian.org/nagios-team/pkg-icingaweb2/-/commits/buster
Do you want to upload that to security-master or shall I?
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Added tag(s) pending.
Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl>
to 968833-submit@bugs.debian.org
.
(Sat, 22 Aug 2020 06:09:03 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 06:51:02 GMT) (full text, mbox, link).
Marked as found in versions icingaweb2/2.8.2-1; no longer marked as fixed in versions icingaweb2/2.8.2-1 and reopened.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 06:51:03 GMT) (full text, mbox, link).
Marked as found in versions icingaweb2/2.6.2-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 06:51:03 GMT) (full text, mbox, link).
No longer marked as found in versions icingaweb2/2.8.2-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 06:51:05 GMT) (full text, mbox, link).
Marked as fixed in versions icingaweb2/2.8.2-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 06:51:06 GMT) (full text, mbox, link).
Marked as found in versions icingaweb2/2.8.1-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 07:00:03 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 07:00:03 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Sat, 22 Aug 2020 07:00:04 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug#968833.
(Sat, 22 Aug 2020 07:00:05 GMT) (full text, mbox, link).
Message #38 received at 968833-submitter@bugs.debian.org (full text, mbox, reply):
found 968833 2.8.1-1
# rectify previous mistake with found/notfound dance
close 968833 2.8.2-1
thanks
Marked as found in versions icingaweb2/2.0.0~beta3-1.
Request was from Bas Couwenberg <sebastic@debian.org>
to control@bugs.debian.org
.
(Sat, 22 Aug 2020 08:36:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Aug 22 10:23:39 2020;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.