CVE-2020-14004

Related Vulnerabilities: CVE-2020-14004  

Debian Bug report logs - #970252
CVE-2020-14004


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 13 Sep 2020 20:42:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions icinga2/2.11.3-2, icinga2/2.9.0-1

Fixed in versions icinga2/2.11.5-1, icinga2/2.12.0-1~exp1

Done: Sebastiaan Couwenberg <sebastic@xs4all.nl>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#970252; Package icinga2. (Sun, 13 Sep 2020 20:42:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Sun, 13 Sep 2020 20:42:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2020-14004
Date: Sun, 13 Sep 2020 22:39:07 +0200
Package: icinga2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Please see https://www.openwall.com/lists/oss-security/2020/06/12/1

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#970252; Package icinga2. (Mon, 14 Sep 2020 03:51:05 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Mon, 14 Sep 2020 03:51:05 GMT).


Message #10 received at 970252@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 970252@bugs.debian.org
Subject: Re: [Pkg-nagios-devel] Bug#970252: CVE-2020-14004
Date: Mon, 14 Sep 2020 05:41:52 +0200

Control: fixed -1 icinga2/2.12.0-1~exp1
Control: tags -1 pending

On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1

This is fixed upstream in:

 v2.12.0 v2.11.5 v2.11.4

The former is already in experimental, and the 2.11 package in unstable
will be updated to .5 to have the fix as well.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Marked as fixed in versions icinga2/2.12.0-1~exp1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 970252-submit@bugs.debian.org. (Mon, 14 Sep 2020 03:51:05 GMT).


Added tag(s) pending. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 970252-submit@bugs.debian.org. (Mon, 14 Sep 2020 03:51:06 GMT).


Marked as found in versions icinga2/2.11.3-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2020 04:33:04 GMT).


Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2020 04:33:05 GMT).


Marked as fixed in versions icinga2/2.11.5-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Mon, 14 Sep 2020 04:42:02 GMT).


Reply sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>, 970252@bugs.debian.org:
You have taken responsibility. (Mon, 14 Sep 2020 04:51:02 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 14 Sep 2020 04:51:03 GMT).


Message #25 received at 970252-done@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 970252-done@bugs.debian.org
Subject: Re: [Pkg-nagios-devel] Bug#970252: Bug#970252: CVE-2020-14004
Date: Mon, 14 Sep 2020 06:38:54 +0200

fixed 970252 icinga2/2.11.5-1
thanks

On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote:
> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
> 
> This is fixed upstream in:
> 
>  v2.12.0 v2.11.5 v2.11.4
> 
> The former is already in experimental, and the 2.11 package in unstable
> will be updated to .5 to have the fix as well.

icinga2 (2.11.5-1) has been uploaded to unstable.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#970252; Package icinga2. (Mon, 14 Sep 2020 05:12:02 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>, 970252@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Mon, 14 Sep 2020 05:12:02 GMT).


Message #30 received at 970252@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 970252@bugs.debian.org
Subject: Re: [Pkg-nagios-devel] Bug#970252: Bug#970252: CVE-2020-14004
Date: Mon, 14 Sep 2020 07:09:05 +0200

On 9/14/20 6:38 AM, Sebastiaan Couwenberg wrote:
> On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote:
>> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
>>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
>>
>> This is fixed upstream in:
>>
>>  v2.12.0 v2.11.5 v2.11.4
>>
>> The former is already in experimental, and the 2.11 package in unstable
>> will be updated to .5 to have the fix as well.
> 
> icinga2 (2.11.5-1) has been uploaded to unstable.

The update for buster is also available:

 https://salsa.debian.org/nagios-team/pkg-icinga2/-/commits/buster

Is it alright to upload the -sa build to security-master?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Marked as found in versions icinga2/2.9.0-1. Request was from Bas Couwenberg <sebastic@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2020 06:18:04 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Sep 14 06:41:22 2020; Machine Name: buxtehude
