Debian Bug report logs -
#970252
CVE-2020-14004
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 13 Sep 2020 20:42:01 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in versions icinga2/2.11.3-2, icinga2/2.9.0-1
Fixed in versions icinga2/2.11.5-1, icinga2/2.12.0-1~exp1
Done: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
:
Bug#970252
; Package icinga2
.
(Sun, 13 Sep 2020 20:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
.
(Sun, 13 Sep 2020 20:42:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: icinga2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
:
Bug#970252
; Package icinga2
.
(Mon, 14 Sep 2020 03:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastiaan Couwenberg <sebastic@xs4all.nl>
:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
.
(Mon, 14 Sep 2020 03:51:05 GMT) (full text, mbox, link).
Message #10 received at 970252@bugs.debian.org (full text, mbox, reply):
Control: fixed -1 icinga2/2.12.0-1~exp1
Control: tags -1 pending
On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
This is fixed upstream in:
v2.12.0 v2.11.5 v2.11.4
The former is already in experimental, and the 2.11 package in unstable
will be updated to .5 to have the fix as well.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Marked as fixed in versions icinga2/2.12.0-1~exp1.
Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl>
to 970252-submit@bugs.debian.org
.
(Mon, 14 Sep 2020 03:51:05 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl>
to 970252-submit@bugs.debian.org
.
(Mon, 14 Sep 2020 03:51:06 GMT) (full text, mbox, link).
Marked as found in versions icinga2/2.11.3-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 14 Sep 2020 04:33:04 GMT) (full text, mbox, link).
Added tag(s) upstream and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 14 Sep 2020 04:33:05 GMT) (full text, mbox, link).
Marked as fixed in versions icinga2/2.11.5-1.
Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl>
to control@bugs.debian.org
.
(Mon, 14 Sep 2020 04:42:02 GMT) (full text, mbox, link).
Reply sent
to Sebastiaan Couwenberg <sebastic@xs4all.nl>, 970252@bugs.debian.org
:
You have taken responsibility.
(Mon, 14 Sep 2020 04:51:02 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Mon, 14 Sep 2020 04:51:03 GMT) (full text, mbox, link).
Message #25 received at 970252-done@bugs.debian.org (full text, mbox, reply):
fixed 970252 icinga2/2.11.5-1
thanks
On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote:
> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
>
> This is fixed upstream in:
>
> v2.12.0 v2.11.5 v2.11.4
>
> The former is already in experimental, and the 2.11 package in unstable
> will be updated to .5 to have the fix as well.
icinga2 (2.11.5-1) has been uploaded to unstable.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
:
Bug#970252
; Package icinga2
.
(Mon, 14 Sep 2020 05:12:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastiaan Couwenberg <sebastic@xs4all.nl>, 970252@bugs.debian.org
:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
.
(Mon, 14 Sep 2020 05:12:02 GMT) (full text, mbox, link).
Message #30 received at 970252@bugs.debian.org (full text, mbox, reply):
On 9/14/20 6:38 AM, Sebastiaan Couwenberg wrote:
> On 9/14/20 5:41 AM, Sebastiaan Couwenberg wrote:
>> On 9/13/20 10:39 PM, Moritz Muehlenhoff wrote:
>>> Please see https://www.openwall.com/lists/oss-security/2020/06/12/1
>>
>> This is fixed upstream in:
>>
>> v2.12.0 v2.11.5 v2.11.4
>>
>> The former is already in experimental, and the 2.11 package in unstable
>> will be updated to .5 to have the fix as well.
>
> icinga2 (2.11.5-1) has been uploaded to unstable.
The update for buster is also available:
https://salsa.debian.org/nagios-team/pkg-icinga2/-/commits/buster
Is it alright to upload the -sa build to security-master?
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Marked as found in versions icinga2/2.9.0-1.
Request was from Bas Couwenberg <sebastic@debian.org>
to control@bugs.debian.org
.
(Mon, 14 Sep 2020 06:18:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Mon Sep 14 06:41:22 2020;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.