CVE-2012-3441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3441): The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
Maintainers: This is fixed in 1.7.2. Patches are available at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3441 if you want to stay on 1.6. Please let us know what your desired course of action is.
updated to 1.7.2 please stabilize 1.7.2 and let me know so I can destabilize 1.6.1-r2 (or you can do it).
Arches, please test and mark stable: =net-analyzer/icinga-1.7.2 Target keywords : "amd64 x86"
amd64 stable
x86 done, last arch!
Thanks, everyone. Matthew: <net-analyzer/icinga-1.7.2 can be dropped now. GLSA vote: no.
cleaned up the old stuff
should this be closed (know the rules, not by me), since the affected versions are not in tree now?
Thanks, folks. GLSA Vote: no. Closing.