Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 08 Dec 2008 10:37:41 +0100
From: Andreas Ericsson <ae@....se>
To: oss-security@...ts.openwall.com
CC: coley@...re.org
Subject: Re: CVE Request (nagios)

Josh Bressers wrote:
> Hi Steve,
> 
> I'm not seeing a CVE id for this.  It seems the Nagios 3.0.6 release fixes a flaw:
> http://www.nagios.org/development/history/nagios-3x.php
> http://bugs.gentoo.org/show_bug.cgi?id=249876
> 
> Here is the patch:
> http://sourceforge.net/mailarchive/forum.php?thread_name=E1L6mat-0001sb-RN%40fdv4jf1.ch3.sourceforge.com&forum_name=nagios-checkins
> 

CVE id 2008-5028 has been assigned to this. I requested a CVE id through this list
on Nov 6 2008. Fairly full details on the two issues described in my original email
(Message-Id: <49131C7E.8050105@....se>) can be found at http://blogs.op5.org

The patch has been publicly available since Nov 7, when I announced it on the
nagios-devel mailing list.

Both issues were reported to the Nagios dev team by Tim Starling on Oct 26.

-- 
Andreas Ericsson                   andreas.ericsson@....se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.