Summary: | <net-analyzer/nagios-4.4.6: URL injection (post-authentication) vulnerability (CVE-2020-13977) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mjo, sysadmin |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
=net-analyzer/nagios-4.4.6
=net-analyzer/nagios-core-4.4.6
|
Runtime testing required: | --- |
Description
Sam James
2020-06-09 13:58:00 UTC
@maintainer(s), please bump to 4.4.6. Already added a month ago, feel free to stabilize. (In reply to Michael Orlitzky from comment #2) > Already added a month ago, feel free to stabilize. Thank you! Sorry, not sure how I missed it earlier. Sanity check failed:
> net-analyzer/nagios-4.4.6
> rdepend amd64 stable profile default/linux/amd64/17.0 (66 total)
> ~net-analyzer/nagios-core-4.4.6
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (4 total)
> ~net-analyzer/nagios-core-4.4.6
sparc stable amd64 stable ppc stable ppc64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f9c50e93d99e5afbddadfa6373e5637ff5a6e3 commit 40f9c50e93d99e5afbddadfa6373e5637ff5a6e3 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2020-06-11 12:29:42 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2020-06-11 12:31:50 +0000 net-analyzer/nagios-core: remove old version subject to CVE-2020-13977. Bug: https://bugs.gentoo.org/727662 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> net-analyzer/nagios-core/Manifest | 1 - .../nagios-core/nagios-core-4.4.5-r6.ebuild | 242 --------------------- 2 files changed, 243 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01331133cc7b2bf1a859749a8e3d9902ac46be4c commit 01331133cc7b2bf1a859749a8e3d9902ac46be4c Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2020-06-11 12:28:24 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2020-06-11 12:31:50 +0000 net-analyzer/nagios: remove old version vulnerable to CVE-2020-13977. Bug: https://bugs.gentoo.org/727662 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> net-analyzer/nagios/nagios-4.4.5.ebuild | 15 --------------- 1 file changed, 15 deletions(-) |