From ${URL} :

I'd found a CSRF issue in Monit (https://mmonit.com/monit/) in the Service Manager application that affects versions 5.19.0 and earlier. Red Hat has assigned CVE-2016-7067 to this issue. Monit has fixed this issue in version 5.20.0.

Description:
The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service.

Upstream Commit:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master

Adith Sudhakar

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Arches please test and mark stable =app-admin/monit-5.20.0 with target KEYWORDS: amd64 ppc ~ppc64 x86 ~amd64-linux
amd64 stable
x86 stable
ppc stable. Maintainer(s), please cleanup.
GLSA Vote: No
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c11bf58830fb251d1cd212617a2c1fb6a4a880a3