Ubuntu
nagios3 package

lp://staging/ubuntu/intrepid-security/nagios3

Intrepid (8.10)
intrepid-security

Created by James Westby on 2009-06-25 and last modified on 2009-07-02

Get this branch:: bzr branch lp://staging/ubuntu/intrepid-security/nagios3

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

6. By Marc Deslauriers on 2009-07-02

* SECURITY UPDATE: remote code execution via shell metacharacters.
  - debian/patches/52_SECURITY_CVE-2009-2288.dpatch: make sure host ip
    and arguments are valid in cgi/statuswml.c.
  - CVE-2009-2288

5. By Marc Deslauriers on 2008-12-05

* SECURITY UPDATE: authorization check bypass and arbitrary command
  execution via custom form or browser addon (LP: #301542)
  - debian/patches/50_SECURITY_CVE-2008-5027.dpatch:
    - cgi/cmd.c: disallow CHANGE commands in commit_command() via new
      cmd_submitf() function.
    - cgi/cmd.c: strip semicolons in commit_command().
    - cgi/cmd.c: strip newlines in write_command_to_file().
    - added cgi/extcmd_list.c: added extcmd_get_name() used by
      cmd_submitf() to validate commands.
  - CVE-2008-5027
* SECURITY UPDATE: Cross-site request forgery (CSRF) arbitrary command
  execution (LP: #301542)
  - debian/patches/51_SECURITY_CVE-2008-5028.dpatch: disable CMD_CHANGE
    commands in base/commands.c
  - CVE-2008-5028
* debian/rules: do not update po tree for security updates.

4. By Stefan Lesicnik on 2008-08-22

* debian/nagios3-common.prerm:
- Purge fails if /etc/nagios3/apache2.conf
is missing (LP: #256920).
* Update Maintainer.

3. By Alexander Wirt on 2008-06-10

[ Alexander Wirt ]
* Remove bashism from rules file (Closes: #479324, #478412)
* Set p1.pl DEBUG_LOG_PATH to /var/log/nagios3/ (Closes: #478877)
* Start nagios3 in nagios3.postinst (Closes: #481334)
* Add a patch from Stephane Chazelas which fixes the incluѕion of spurious $
signs into command output (Closes: #479061)

[ Jan Wagner ]
* New upstream release (Closes: #485439)
  * Fix XSS vulnerability (CVE-2007-5803).
* updated cfg-cgi.cfg.diff, cfg-commands.cfg.diff and cfg-nagios.cfg.diff
  for new upstream release and remove version from config files
  (Closes: #482178)
* Updating standards version to 3.8.0, no changes needed
* add myself fo Uploaders
* add doc-base support (Closes: #479334)
* replace dependency of mailx with bsd-mailx
* added Vcs- fields into source header's field
* take care if killproc isn't able to stop daemon via stop target of
  initscript, thanks Stephen Gran <email address hidden> for providing this fix
  (Closes: #479329)

2. By Alexander Wirt on 2008-04-08

* New upstream version (Closes: #475041)
* Move cfg_dir=/etc/nagios3/conf.d to the end of nagios.cfg to
allow overwriting variables from nagios.cfg in conf.đ/
* Disable external_commands in nagios.cfg as they are now enabled by
default

1. By Alexander Wirt on 2008-04-08

Import upstream version 3.0.1

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp://staging/ubuntu/karmic/nagios3

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntunagios3 package