icinga: CVE-2015-8010: XSS in the Icinga Classic-UI

Related Vulnerabilities: CVE-2015-8010  

Debian Bug report logs - #803432

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 30 Oct 2015 05:51:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version icinga/1.7.1-1

Fixed in version icinga/1.13.3-3

Done: Markus Frosch <lazyfrosch@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://dev.icinga.org/issues/10453



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#803432; Package src:icinga. (Fri, 30 Oct 2015 05:51:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Fri, 30 Oct 2015 05:51:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: icinga: CVE-2015-8010: XSS in the Icinga Classic-UI
Date: Fri, 30 Oct 2015 06:49:06 +0100
Source: icinga
Version: 1.7.1-1
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://dev.icinga.org/issues/10453

Hi,

the following vulnerability was published for icinga.

CVE-2015-8010[0]:
XSS in the Icinga Classic-UI

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8010

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Markus Frosch <lazyfrosch@debian.org>:
You have taken responsibility. (Sun, 21 Aug 2016 12:36:05 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 21 Aug 2016 12:36:05 GMT).


Message #10 received at 803432-close@bugs.debian.org:

From: Markus Frosch <lazyfrosch@debian.org>
To: 803432-close@bugs.debian.org
Subject: Bug#803432: fixed in icinga 1.13.3-3
Date: Sun, 21 Aug 2016 12:33:59 +0000
Source: icinga
Source-Version: 1.13.3-3

We believe that the bug you reported is fixed in the latest version of
icinga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803432@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Frosch <lazyfrosch@debian.org> (supplier of updated icinga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 21 Aug 2016 14:12:35 +0200
Source: icinga
Binary: icinga-common icinga-cgi icinga-cgi-bin icinga-idoutils icinga icinga-core icinga-doc icinga-dbg
Architecture: source amd64 all
Version: 1.13.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Markus Frosch <lazyfrosch@debian.org>
Description:
 icinga     - host and network monitoring system - metapackage
 icinga-cgi - host and network monitoring system - CGI scripts
 icinga-cgi-bin - host and network monitoring system - CGI scripts
 icinga-common - host and network monitoring system - support files
 icinga-core - host and network monitoring system - core files
 icinga-dbg - host and network monitoring system - debug files
 icinga-doc - host and network monitoring system - documentation
 icinga-idoutils - host and network monitoring system - icinga-dataobjects support
Closes: 803432 810173 821992 831332
Changes:
 icinga (1.13.3-3) unstable; urgency=medium
 .
   [ Markus Frosch ]
   * [0e0a082] Update VCS URLs
   * [5da079a] Remove libpng12-dev build-dep, use only libpng-dev
     (Closes: #810173)
 .
   [ Nishanth Aravamudan ]
   * [40e540b] Add build-arch and build-indep targets to d/rules
     (Closes: #821992)
   * [6182dcb] Classic UI: fixed menu disappear with jQuery 1.11+
     (Closes: #831332)
 .
   [ Markus Frosch ]
   * [40490d6] Add patch to fix CVE-2015-8010 (Closes: #803432)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 24 Sep 2016 07:26:52 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:16:40 2019; Machine Name: buxtehude
