From ${URL} :
Description: A vulnerability has been reported in Nagios, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the "process_cgivars()" function and can be exploited to cause an out of bounds read memory access by sending a specially crafted key value.
Solution: Fixed in the git repository.
Provided and/or discovered by: Disclosed in a git commit.
Original Advisory: http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Added with bump to 3.5.1, stabilization requested in bug 501200.
Arches, thank you for your work. Maintainer(s), please drop the vulnerable version(s). GLSA Vote: No
Adding to existing GLSA request.
This issue was resolved and addressed in GLSA 201412-23 at http://security.gentoo.org/glsa/glsa-201412-23.xml by GLSA coordinator Sean Amoss (ackle).