First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 43967
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Jedi/Sector One <gentoo@pureftpd.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
klieber: ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 43967 depends on: Show dependency tree
Bug 43967 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-03-07 09:59 0000 
There's a remotely exploitable vulnerability in Monit < 4.1.1 .
Current stable and unstable versions in the portage tree are vulnerable.
Please upgrade Monit to 4.1.1 ASAP.
Bumping the version number in the ebuild is enough, I've been extensively testing it.

------- Comment #1 From Kurt Lieber 2004-03-30 00:16:55 0000 ------- 
http://www.tildeslash.com/monit/secadv_20031121.txt contains the vuln. posting.

Markus -- 4.2 is ~masked in portage.  Can you see if we can bump that to stable?

The only arch that 4.1 is even keyworded for is x86, so we don't need to worry about other arches for this particular bug.

------- Comment #2 From Kurt Lieber 2004-03-30 00:18:53 0000 ------- 
Aida -- can you draft a GLSA for this one?

------- Comment #3 From Aida Escriva-Sammer 2004-03-30 04:38:54 0000 ------- 
GLSA in progress.

------- Comment #4 From Markus Nigbur (RETIRED) 2004-03-30 13:10:18 0000 ------- 
4.2 marked stbale on x86. Should run without any issues, else blame me.

------- Comment #5 From Thierry Carrez (RETIRED) 2004-04-01 07:04:52 0000 ------- 
GLSA 200403-14 sent
Closing.
First Last Prev Next    No search results available      Search page      Enter new bug