Re: [Nagios-devel] xss vulnerabilities in nagios 3.2.3
Posted: Fri Jun 10, 2011 9:35 am
On 06/10/2011 10:57 AM, Michael Friedrich wrote:
> hi,
>
> on your tracker, 2 issues point to several xss vulnerabilities. since
> we've fixed them in icinga, and previous command expander needed an
> enhanced patch too, i decided to push that over her too while adding
> that patch to the omd package.
>
> description is in icinga's dev tracker
>
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
>
> this is a combined fix of those 2 issues #207 #224 @
> tracker.nagios.org, diff'ed against 3.2.3 release on holger's git
> repository.
>
> feel free to to accept it or not, as usual i won't provide any tests
> as user feedback was sufficient.
>
Thanks. I'll take a look and get in touch with Mitre on sunday.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> hi,
>
> on your tracker, 2 issues point to several xss vulnerabilities. since
> we've fixed them in icinga, and previous command expander needed an
> enhanced patch too, i decided to push that over her too while adding
> that patch to the omd package.
>
> description is in icinga's dev tracker
>
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
>
> this is a combined fix of those 2 issues #207 #224 @
> tracker.nagios.org, diff'ed against 3.2.3 release on holger's git
> repository.
>
> feel free to to accept it or not, as usual i won't provide any tests
> as user feedback was sufficient.
>
Thanks. I'll take a look and get in touch with Mitre on sunday.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]