Date: Mon, 08 Dec 2008 10:37:41 +0100 From: Andreas Ericsson <ae@....se> To: oss-security@...ts.openwall.com CC: coley@...re.org Subject: Re: CVE Request (nagios) Josh Bressers wrote: > Hi Steve, > > I'm not seeing a CVE id for this. It seems the Nagios 3.0.6 release fixes a flaw: > http://www.nagios.org/development/history/nagios-3x.php > http://bugs.gentoo.org/show_bug.cgi?id=249876 > > Here is the patch: > http://sourceforge.net/mailarchive/forum.php?thread_name=E1L6mat-0001sb-RN%40fdv4jf1.ch3.sourceforge.com&forum_name=nagios-checkins > CVE id 2008-5028 has been assigned to this. I requested a CVE id through this list on Nov 6 2008. Fairly full details on the two issues described in my original email (Message-Id: <49131C7E.8050105@....se>) can be found at http://blogs.op5.org The patch has been publicly available since Nov 7, when I announced it on the nagios-devel mailing list. Both issues were reported to the Nagios dev team by Tim Starling on Oct 26. -- Andreas Ericsson andreas.ericsson@....se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.