[Secure-testing-team] Re: [Secure-testing-commits] r3999 -
data/CVE
Stefan Fritsch
sf at sfritsch.de
Tue May 23 19:22:22 UTC 2006
On Tuesday 23 May 2006 16:48, Florian Weimer wrote:
> * Stefan Fritsch:
> > nagios issue already fixed in unstable
> >
> > CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x
> > before 1.4.1 and 2.x ...) - - nagios <unfixed> (high)
> > - - nagios2 <unfixed> (high)
> > + - nagios 2:1.4-1 (bug #366682; bug #366803; high)
> > + - nagios2 2.3-1 (bug #366683; high)
>
> Are you sure it's 2.3-1 and not 2.3.1?
Yes, CVE-2006-2489 was found in the discussion in the Debian
bugreports about CVE-2006-2162 and the maintainer included the fix
before upstream released it.
Cheers,
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060523/db083448/attachment.pgp
More information about the Secure-testing-team
mailing list