Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 213766 - net-analyzer/nagios-core < 2.11 Unspecified XSS vulnerability (CVE-2008-1360)
Summary: net-analyzer/nagios-core < 2.11 Unspecified XSS vulnerability (CVE-2008-1360)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.nagios.org/development/cha...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-18 02:17 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-24 22:21 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-18 02:17:48 UTC 
CVE-2008-1360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1360):
  Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote
  attackers to inject arbitrary web script or HTML via unknown vectors to
  unspecified CGI scripts, a different issue than CVE-2007-5624.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-18 02:19:10 UTC 
Good to go stable?
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-18 14:58:33 UTC 
yes, please.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-03-18 15:13:16 UTC 
Arches, please test and mark stable:
=net-analyzer/nagios-core-2.11
Target keywords : "amd64 ppc64 release sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-03-19 19:11:22 UTC 
ppc64 stable
Comment 5 Markus Meier gentoo-dev 2008-03-20 22:02:31 UTC 
should =net-analyzer/nagios-2.11 also go stable as it depends on ~net-analyzer/nagios-core${PV}?
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-20 22:28:28 UTC 
(In reply to comment #5)
> should =net-analyzer/nagios-2.11 also go stable as it depends on
> ~net-analyzer/nagios-core${PV}?
> 

uhrm, yeah ...
Comment 7 Markus Meier gentoo-dev 2008-03-21 10:30:34 UTC 
amd64/x86 stable. readding ppc64: see  comment #6
Comment 8 Brent Baude (RETIRED) gentoo-dev 2008-03-21 14:18:56 UTC 
ppc64 stablized =nagios-2.11 now too
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2008-03-22 15:37:39 UTC 
sparc stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-23 11:44:10 UTC 
this one is ready for glsa-vote
Comment 11 Peter Volkov (RETIRED) gentoo-dev 2008-03-23 12:16:03 UTC 
Fixed in release snapshot.
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-24 21:03:38 UTC 
XSS -> voting NO.
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2008-03-24 22:21:03 UTC 
NO, closing.