CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2009/08/07 11:18:34
Modified files:
net/nagios/nagios: Makefile
Added files:
net/nagios/nagios/patches: patch-cgi_statuswml_c
Log message:
SECURITY; add a fix for CVE-2009-2288 (statuswml.cgi uses an unchecked
url parameter in the ping/traceroute command line). "go ahead please,
if you think it's correct" sturm@ (maintainer).
Users would have to pass webserver authentication (if configured) to
trigger this.
