Centreon 1.4.2.8 before the (unreleased) 1.4.2.8 branch seems to suffer from a remote file inclusion vulnerability: http://trac.centreon.com/changeset/7115/branches/centreon-1.4.2.8

Note that 2.x seems to be unaffected; however, an SQL injection vulnerability has been discovered there (http://trac.centreon.com/changeset/7582/trunk/centreon/www/main.php) and is fixed in the 2.0 branch: http://trac.centreon.com/changeset/7581/branches/centreon-2.0.x
fixed in 1.2.4.7, still hard masked for nagios-3 and path_sanity.patch testing
eh, closed by accident
(In reply to comment #2)
> eh, closed by accident

no problem, it can be closed since it's ~arch only. Thanks.
.. but only after it is out of p.mask
(In reply to comment #1)
> fixed in 1.2.4.7, still hard masked for nagios-3 and path_sanity.patch testing

Ping, what is the status here?
Unfortunately I have no time to test this release atm, it's a monster and I'm happy my installation still works. Maybe I can find some time to backport only the security patch in the next week, and make a revbump.
Closing as INVALID, the package is no longer in the main tree and it was never stable, so no GLSA is needed here.