Couldn't think of a better place to ask this. I requested a CVE back in March for an issue with the installed permissions in Nagios's NDOUtils. I think the request ID was #1620090.
I received a confirmation, but never got a follow-up response. I've since replied to the CVE-Request@ address, and have filled out the form with an "other" request asking for an update, but haven't heard back. New requests are obviously still being issued -- is there some way to find out what happened to this one? FWIW: Before NDOUtils-2.1.4 (released five days ago), the upstream Makefile would install the "ndo2db" daemon executable with the same owner/group that it is intended eventually to run as (namely: "nagios"). But the daemon is designed to be started as root and drop privileges to that user. If the "nagios" user can edit a binary that root will run, he can gain root privileges.
