* Fix possible root privilege escalation during opening logs (CVE-2016-9566) #13709 I'm not actually sure if the cve effects this as this is supposed to be the front-end split out. But I've added 1.14.0 to the tree and cleaned old packages Reproducible: Always
(In reply to Matthew Thode ( prometheanfire ) from comment #0) > I'm not actually sure if the cve effects this as this is supposed to be the > front-end split out. But I've added 1.14.0 to the tree and cleaned old > packages I would suggest to close this bug (maybe as invalid) because like Matthew already suspected the net-analyzer/icinga-web package isn't affected. The vulnerable code was https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4 which isn't included in this package. The icinga web component was only a potential vector to access the vulnerability because the www-user needs to access some nagios/icinga files and therefore is often added to nagios group with the result that the www-data user can start the attack.