| Summary: | net-analyzer/nagios-core <2.12 XSS issues (CVE-2007-5803) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | minor |
| CC: | dertobi123, netmon |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html |
| Whiteboard: | B4 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |
| Attachments: | |

Description
Robert Buchholz (RETIRED)
2008-02-01 08:43:14 UTC
Created attachment 142361
CVE-2007-5803.diff
Patch proposed by Ludwig Nussel.

Created attachment 142376
nagios-core-2.10-r2.ebuild
Find attached a nagios-core-2.10-r2 ebuild which includes CVE-2007-5803.diff. (Just an additional epatch.) Compiles fine, will do further testing.

Any news about a release date? nagios-2.11 has been released on Wednesday, its Changelog mentions "Fix for a potential cross site scripting vulnerability in the CGIs" though the proposed patch for this bug ("CVE-2007-5803") hasn't been applied yet ...

This is public via URL.

Created attachment 153125
nagios-2.9-CVE-2007-5803.diff
Extracted from nagios-2.9-48.4.src.rpm.

http://sourceforge.net/project/shownotes.php?release_id=600377
2.12 was released with the fix.

Added both 2.12 and 3.0.2, the latter one is still p.masked.

Please mark as stable:
=net-analyzer/nagios-2.12
=net-analyzer/nagios-core-2.12

Sparc stable.

x86 stable

ppc64 stable

amd64 stable, all arches done.

Fixed in release snapshot.

sorry for the lag :/ time for glsa decision... XSS => I vote NO.

NO, closing.