Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Dec 2008 16:22:35 +0100
From: Jan Lieskovsky <>
To: Andreas Ericsson <>, Eygene Ryabinkin <>
Subject: Re: CVE Request (nagios)

Hello guys,

  I can't follow this. Nagios 3.0.5 should fix two issues:
Patch: ?

So Nagios 3.0.6 Changelog:
"Fix for CGI submission of external commands (writing newlines and submitting service comments)"
is only part of CVE-2008-5027, which hasn't been committed to Nagios 3.0.5?

And patch for:
"Disabled adaptive check and eventhandler commands for security reasons" (also from 3.0.6 Changelog)

Is this also part of "incomplete" fix for CVE-2008-5027 in 3.0.5?
i.e. nothing security related was fixed in 3.0.6 and all the
changes committed are only due late upstream committing of patches
for CVE-2008-502{7,8}?

Thanks!, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.