Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 196732 - net-analyzer/nagios-core<=2.10 possible cross site scripting vulnerability in the CGIs (CVE-2007-5624)
Summary: net-analyzer/nagios-core<=2.10 possible cross site scripting vulnerability in...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.nagios.org/development/cha...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-22 18:37 UTC by Tobias Scherbaum (RETIRED)
Modified: 2007-10-23 20:29 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-22 18:37:23 UTC
From the Changelog:
"Fix for a potential cross site scripting vulnerability in the CGIs"

I just committed nagios-(core-)2.10, nagios-2* hasn't been stable on any architecture. Not sure if nagios-1.* (currently stable) is also affected, if so nagios-2.10 is ready for stabilization from my pov.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-22 19:42:17 UTC
Thx for the heads up Tobias.

Seems like it only affects 2.x otherwise we'll have to reopen. So closing without GLSA for now.