Marc Haber wrote:
> On Mon, May 15, 2006 at 06:12:35PM -0500, Ethan Galstad wrote:
>> Changelogs for both the 2.3.1 and 1.4.1 releases are included below.
>>
>> 2.3.1 - 05/15/2006
>> ----------------
>> * Bug fix for HTTP content_length header integer overflow in CGIs
>>
>>
>> 1.4.1 - 05/15/2006
>> ----------------
>> * Bug fix for HTTP content_length header integer overflow in CGIs
>
> Do those vulnerabilities have CVE numbers? If so, it would be great to
> have them listed in the changelog. This will greatly ease the work of
> security people in the distributions.
>
> Greetings
> Marc
>
Looks like there are two CVE numbers assigned from:
http://www.cve.mitre.org/cgi-bin/cvekey ... ord=nagios
CVE-2006-2489 (pre 2.3.1/1.4.1)
CVE-2006-2162 (pre 2.3/1.4)
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]