Re: [Nagios-devel] xss vulnerabilities in nagios 3.2.3
Posted: Mon Jun 13, 2011 7:55 am
On 10 Jun 2011, at 09:57, Michael Friedrich wrote:
> hi,
>=20
> on your tracker, 2 issues point to several xss vulnerabilities. since =
we've fixed them in icinga, and previous command expander needed an =
enhanced patch too, i decided to push that over her too while adding =
that patch to the omd package.
>=20
> description is in icinga's dev tracker
>=20
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
>=20
> this is a combined fix of those 2 issues #207 #224 @ =
tracker.nagios.org, diff'ed against 3.2.3 release on holger's git =
repository.
>=20
> feel free to to accept it or not, as usual i won't provide any tests =
as user feedback was sufficient.
Thanks for the highlight. I've committed in 1741 with tests in =
618cgisecurity.t to check for escaping of tags.
Ton
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]