Your message dated Sun, 14 Oct 2007 11:02:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445475: fixed in nagios-plugins 1.4.8-2.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nagios-plugins
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against nagios-plugins.
CVE-2007-5198:
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via
long Location header responses (redirects).
Could you please investigate this?
Thanks for your efforts.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198
--- End Message ---
--- Begin Message ---
Source: nagios-plugins
Source-Version: 1.4.8-2.1
We believe that the bug you reported is fixed in the latest version of
nagios-plugins, which is due to be installed in the Debian FTP archive:
nagios-plugins-basic_1.4.8-2.1_i386.deb
to pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.8-2.1_i386.deb
nagios-plugins-standard_1.4.8-2.1_i386.deb
to pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.8-2.1_i386.deb
nagios-plugins_1.4.8-2.1.diff.gz
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.1.diff.gz
nagios-plugins_1.4.8-2.1.dsc
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.1.dsc
nagios-plugins_1.4.8-2.1_all.deb
to pool/main/n/nagios-plugins/nagios-plugins_1.4.8-2.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <[EMAIL PROTECTED]> (supplier of updated nagios-plugins package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 14 Oct 2007 10:36:01 +0000
Source: nagios-plugins
Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard
Architecture: source i386 all
Version: 1.4.8-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Nagios Maintainer Group <[EMAIL PROTECTED]>
Changed-By: Steffen Joeris <[EMAIL PROTECTED]>
Description:
nagios-plugins - Plugins for the nagios network monitoring and management
system
nagios-plugins-basic - Plugins for the nagios network monitoring and
management system
nagios-plugins-standard - Plugins for the nagios network monitoring and
management system
Closes: 445475
Changes:
nagios-plugins (1.4.8-2.1) unstable; urgency=high
.
* Non-maintainer upload by the testing-security team
* Include CVS patch to fix buffer overflow in redir function in
check_http.c, which was caused by parsing HTTP redirect strings
using sscanf (Closes: #445475)
Fixes: CVE-2007-5198
* Include fix for off-by-one error and a NULL pointer, which leads
to a segfault
Files:
85b551c67b864cf8ffd47accba11ccad 1027 net extra nagios-plugins_1.4.8-2.1.dsc
51a3aa7172fa9525369f21acc88a2099 24577 net extra
nagios-plugins_1.4.8-2.1.diff.gz
cec440ca48754ea3fe27e1195770d350 89630 net extra
nagios-plugins_1.4.8-2.1_all.deb
024c4ec93e24316f55f8fa6db0e1ea9b 343712 net extra
nagios-plugins-basic_1.4.8-2.1_i386.deb
c027bc936f38a0facd7e283a4ac96760 193242 net extra
nagios-plugins-standard_1.4.8-2.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHEfWV62zWxYk/rQcRAm3CAJwJrVfrTgM1z3ZP2+/r/+Cc8DCB7wCfU21/
1mzVVFlejsIciYeKS3WlJJk=
=+GSl
-----END PGP SIGNATURE-----
--- End Message ---
