Summary: | <net-analyzer/nagios-core-3.5.1: Information leak (CVE-2013-{7108,7205}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | andrew, creffett, mjo, sysadmin |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 531954 |
Description
GLSAMaker/CVETool Bot
2014-02-13 15:29:28 UTC
Bumped. Arches, please test and mark stable: =net-analyzer/nagios-core-3.5.1 Target arches: alpha amd64 arm hppa ppc ppc64 sparc x86 My mistake, should have added nagios, and arm wasn't stable before. New stable targets: =net-analyzer/nagios-3.5.1 =net-analyzer/nagios-core-3.5.1 Target arches: alpha amd64 hppa ppc ppc64 sparc x86 Stable for HPPA. amd64 stable x86 stable alpha stable ppc64 stable ppc stable sparc stable. Maintainer(s), please cleanup. Security, please vote. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version(s). GLSA Vote: No @Alexander, creffett: do either of you mind if I drop nagios and nagios core before 3.5.1? GLSA Vote: Yes due to existing GLSA request for bug 447802 (In reply to Kristian Fiskerstrand from comment #12) > GLSA Vote: Yes due to existing GLSA request for bug 447802 Agreed. I meant "Andrew" in my last comment, not "Alexander," sorry. I blame the Hamilton. Also: ping! We've got at least three security bugs open for <nagios-3.5.1 so I'd like to get rid of them. If I don't hear an objection for a while, I'll do the easier-to-ask-forgiveness thing =) This issue was resolved and addressed in GLSA 201412-23 at http://security.gentoo.org/glsa/glsa-201412-23.xml by GLSA coordinator Sean Amoss (ackle). (In reply to Agostino Sarubbo from comment #9) > sparc stable. Only nagios-core-3.5.1 is stable for sparc, but not nagios-3.5.1. Is this intentional? For net-analyzer/nagios-3.5.1: KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ppc ~ppc64 ~sparc x86" and net-analyzer/nagios-core-3.5.1: KEYWORDS="alpha amd64 ~arm ~arm64 hppa ppc ppc64 sparc x86" It looks like we need alpha, ppc, ppc64, and sparc stabilizations for =net-analyzer/nagios-3.5.1. Reopening for stabilization as per comment #17. Looks like with a bit of confusion some arches stabilizations were missed. Please stabilize: =net-analyzer/nagios-3.5.1 Target missed arches: alpha ppc ppc64 sparc alpha stable ppc stable ppc64 stable sparc stable. Maintainer(s), please cleanup. Security, please vote. GLSA for this is already out c.f comment #15. Cleanup done, closing. |