Changelog
xymon (4.3.28-5+deb10u1) buster; urgency=high

  * Apply minimal upstream security patch to fix several (server-only)
    vulnerabilities reported upstream by Graham Rymer:
    + CVE-2019-13451: service overflows histlogfn in history.c.
    + CVE-2019-13452: service overflows histlogfn in reportlog.c.
    + CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
    + CVE-2019-13274: reflected XSS in csvinfo.c.
    + CVE-2019-13455: htmlquoted(hostname) overflows msgline in
      acknowledge.c.
    + CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt in appfeed.c.
    + CVE-2019-13485: hostname overflows selfurl in history.c.
    + CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
      svcstatus.c.
    + Closes: #935470
  * Include hostname validation regression fixes from 4.3.30, too.

 -- Axel Beckert <email address hidden>  Fri, 23 Aug 2019 01:07:47 +0200