CVE-2020-24368

Related Vulnerabilities: CVE-2020-24368  

Debian Bug report logs - #968833
CVE-2020-24368

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 21 Aug 2020 21:21:02 UTC

Severity: grave

Tags: pending, security, upstream

Found in versions icingaweb2/2.6.2-3, icingaweb2/2.8.1-1, icingaweb2/2.0.0~beta3-1

Fixed in version icingaweb2/2.8.2-1

Done: Salvatore Bonaccorso <carnil@debian.org>

Forwarded to https://github.com/Icinga/icingaweb2/issues/4226


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#968833; Package icingaweb2. (Fri, 21 Aug 2020 21:21:03 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Fri, 21 Aug 2020 21:21:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2020-24368
Date: Fri, 21 Aug 2020 23:16:46 +0200
Package: icingaweb2
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

This was assigned CVE-2020-24368:
https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/
https://github.com/Icinga/icingaweb2/issues/4226

Cheers,
        Moritz
		



Reply sent to Bas Couwenberg <sebastic@debian.org>:
You have taken responsibility. (Sat, 22 Aug 2020 06:06:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 22 Aug 2020 06:06:03 GMT)


Message #10 received at 968833-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 968833-close@bugs.debian.org
Subject: Bug#968833: fixed in icingaweb2 2.8.2-1
Date: Sat, 22 Aug 2020 06:03:44 +0000
Source: icingaweb2
Source-Version: 2.8.2-1
Done: Bas Couwenberg <sebastic@debian.org>

We believe that the bug you reported is fixed in the latest version of
icingaweb2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968833@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebastic@debian.org> (supplier of updated icingaweb2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 22 Aug 2020 07:16:12 +0200
Source: icingaweb2
Architecture: source
Version: 2.8.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebastic@debian.org>
Closes: 968833
Changes:
 icingaweb2 (2.8.2-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream release.
     - Fixes CVE-2020-24368.
     (closes: #968833)
   * Update uglifyjs options for 3.10.1.
   * Update lintian overrides.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#968833; Package icingaweb2. (Sat, 22 Aug 2020 06:09:03 GMT)


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Sat, 22 Aug 2020 06:09:03 GMT)


Message #15 received at 968833@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 968833@bugs.debian.org
Subject: Re: [Pkg-nagios-devel] Bug#968833: CVE-2020-24368
Date: Sat, 22 Aug 2020 07:58:34 +0200
Control: tags -1 pending

Hi Moritz,

This is fixed in icingaweb2 (2.8.2-1) which was just uploaded to unstable.

I've also prepared an update for buster, see:

 https://salsa.debian.org/nagios-team/pkg-icingaweb2/-/commits/buster

Do you want to upload that to security-master or shall I?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Added tag(s) pending. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 968833-submit@bugs.debian.org. (Sat, 22 Aug 2020 06:09:03 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:02 GMT)


Marked as found in versions icingaweb2/2.8.2-1; no longer marked as fixed in versions icingaweb2/2.8.2-1 and reopened. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:03 GMT)


Marked as found in versions icingaweb2/2.6.2-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:03 GMT)


No longer marked as found in versions icingaweb2/2.8.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:05 GMT)


Marked as fixed in versions icingaweb2/2.8.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:06 GMT)


Set Bug forwarded-to-address to 'https://github.com/Icinga/icingaweb2/issues/4226'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 06:51:08 GMT)


Marked as found in versions icingaweb2/2.8.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 07:00:03 GMT)


Marked Bug as done. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 07:00:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 22 Aug 2020 07:00:04 GMT)


Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#968833. (Sat, 22 Aug 2020 07:00:05 GMT)


Message #38 received at 968833-submitter@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: control@bugs.debian.org
Cc: 968833-submitter@bugs.debian.org
Subject: found 968833 in 2.8.1-1, closing 968833
Date: Sat, 22 Aug 2020 08:56:27 +0200

found 968833 2.8.1-1
# rectify previous mistake with found/notfound dance
close 968833 2.8.2-1
thanks




Marked as found in versions icingaweb2/2.0.0~beta3-1. Request was from Bas Couwenberg <sebastic@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2020 08:36:03 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Aug 22 10:23:39 2020; Machine Name: buxtehude
