-
nagios2 (2.11-1ubuntu1.5) hardy-security; urgency=low
* SECURITY UPDATE: remote code execution via shell metacharacters.
- debian/patches/33_CVE_2009_2288.dpatch: make sure host ip and
arguments are valid in cgi/statuswml.c.
- CVE-2009-2288
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2009 09:08:43 -0400
-
nagios2 (2.11-1ubuntu1.4) hardy-security; urgency=low
* SECURITY UPDATE: authorization check bypass and arbitrary command
execution via custom form or browser addon (LP: #301542)
- debian/patches/31_CVE_2008_5027.dpatch: cgi/cmd.c: strip semicolons and
newlines in commit_command().
- CVE-2008-5027
* SECURITY UPDATE: Cross-site request forgery (CSRF) arbitrary command
execution (LP: #301542)
- debian/patches/32_CVE_2008_5028.dpatch: disable CMD_CHANGE commands in
base/commands.c
- CVE-2008-5028
* debian/rules: do not update po tree for security updates.
-- Marc Deslauriers <email address hidden> Mon, 22 Dec 2008 10:52:07 -0500
-
nagios2 (2.11-1ubuntu1.3) hardy-proposed; urgency=low
* Modified cfg-commands.cfg.diff to replace /bin/mail references
in resulting commands.cfg and use /usr/bin/mail instead (LP: #231004),
work based on a patch provided by Erik Forsberg.
* Fix reloading so that it doesn't just stop the daemon (LP: #252686)
-- Thierry Carrez <email address hidden> Tue, 02 Sep 2008 14:59:26 +0200
-
nagios2 (2.11-1ubuntu1.2) hardy-security; urgency=low
* SECURITY UPDATE: fix XSS issues in CGI scripts thanks to Thierry Carrez
* debian/rules: fix nagios2-common upgrade failure. Thanks to Thierry Carrez
* References
CVE-2007-5803
LP: #238516
LP: #220208
-- Jamie Strandboge <email address hidden> Thu, 19 Jun 2008 12:30:11 -0400
-
nagios2 (2.11-1ubuntu1) hardy; urgency=low
* debian/nagios2-common.nagios2.init
- Fix init script pid file. (LP: #174466)
* Update maintainers as per spec.
-- Chuck Short <email address hidden> Mon, 07 Apr 2008 14:36:49 -0400
-
nagios2 (2.11-1) unstable; urgency=low
* new upstream version
* remove wrong NOT RELEASED YET entry from 2.10-1 changelog
* Add debian/watch file. Thanks to Raphael Geissert. Closes: #456018
* init script: Tell killproc which daemon to kill.
Thanks to Mark Petersen. Closes: #456958
* Steal copyright file from Nagios3
* Standards-Version: 3.7.3 (no changes necessary)
* Add a description to 10_p1_pl_shebang.dpatch
* Override empty directory warning for usr/share/nagios2/htdocs/ssi/
* fix Errors in manpages by removing .Xc
[Jan Wagner]
* added Vcs- fields
-- William Grant <email address hidden> Fri, 28 Mar 2008 09:46:42 +0000
-
nagios2 (2.10-1) unstable; urgency=low
* NOT RELEASED YET
* New upstream release
* Fix XSS vulnerability (CVS-2007-5624). Closes: #448371
* Adapt sample config patches
* Fix permissions on /var/log/nagios2/archives.
Thanks to Michael Feger. Closes: #429820
* Fix typo in localhost_nagios2.cfg.
Thanks to Justin Pryzby. Closes: #430477.
* New Portuguese debconf translations from Rui Branco and the Traduz
team. Closes: #436155.
* Rearrange apache2.conf so that the Stylesheet alias path is
actually used.
Thanks to Joerg Dorchain. This may fix #420009
* Relax dependency on web server to Recommends. Depend on
apache2-utils since we need htpasswd.
Thanks to Japp Eldering. Closes: #413519
* Move stylesheets to /etc, create a symlink.
Thanks to Joerg Dorchain and Steve Greenland. Closes: #420011
* Fix suboptimal formatting of package descriptions.
Thanks to Sam Morris. Closes: 413494
* debian/control: re-order Source stanza according to dpkg 1.14.7,
add Homepage field. We're going to leave in the Upstream URL in the
package description for a while though.
* Unmark package names for translation in debconf templates.
Thanks to Kobayashi Noritada. Closes: #413127
[Jan Wagner]
* fixed README.Debian about setting check_external_commands=1
(closes: #431953).
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 05 Nov 2007 19:30:30 +0000
-
nagios2 (2.9-1) unstable; urgency=low
* New upstream release (closes: #414647).
* new dutch (nl) debconf translations from cobaco (closes: #414762).
* new japanese (ja) debconf translations from Kobayashi Noritada
(closes: #413122).
* Fix wrong path to debian.gd2 in extinfo_nagios2.cfg (closes: #423639).
[Sean Finney]
* various fixes/cleanups in init script should resolve issues with
pidfile handling etc (closes: #416763, #397289, #414050, #412980, #415752).
* Merge config file changes.
* add note for pam_tmpdir users about setting TMPDIR in
/etc/nagios2/default. thanks to Richard A Nelson (closes: #414652)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 11 Jun 2007 18:45:53 +0100