[Secure-testing-team] Re: [Secure-testing-commits] r3999 -
data/CVE
Florian Weimer
fw at deneb.enyo.de
Sat May 27 06:52:57 UTC 2006
* Stefan Fritsch:
> On Tuesday 23 May 2006 16:48, Florian Weimer wrote:
>> * Stefan Fritsch:
>> > nagios issue already fixed in unstable
>> >
>> > CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x
>> > before 1.4.1 and 2.x ...) - - nagios <unfixed> (high)
>> > - - nagios2 <unfixed> (high)
>> > + - nagios 2:1.4-1 (bug #366682; bug #366803; high)
>> > + - nagios2 2.3-1 (bug #366683; high)
>>
>> Are you sure it's 2.3-1 and not 2.3.1?
>
> Yes, CVE-2006-2489 was found in the discussion in the Debian
> bugreports about CVE-2006-2162 and the maintainer included the fix
> before upstream released it.
Ah, okay, I was momentarily confused by some lack of maintainer
coordination. Thanks for the clarification.
More information about the Secure-testing-team
mailing list