Format: 1.8
Date: Fri, 05 Dec 2008 14:15:52 -0500
Source: nagios3
Binary: nagios3-common nagios3 nagios3-doc nagios3-dbg
Architecture: amd64_translations amd64
Version: 3.0.2-1ubuntu1.1
Distribution: intrepid
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 nagios3 - A host/service/network monitoring and management system
 nagios3-common - support files for nagios3
 nagios3-dbg - debugging symbols for nagios3
 nagios3-doc - documentation for nagios3
Launchpad-Bugs-Fixed: 301542 301542
Changes:
 nagios3 (3.0.2-1ubuntu1.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: authorization check bypass and arbitrary command
     execution via custom form or browser addon (LP: #301542)
     - debian/patches/50_SECURITY_CVE-2008-5027.dpatch:
       - cgi/cmd.c: disallow CHANGE commands in commit_command() via new
         cmd_submitf() function.
       - cgi/cmd.c: strip semicolons in commit_command().
       - cgi/cmd.c: strip newlines in write_command_to_file().
       - added cgi/extcmd_list.c: added extcmd_get_name() used by
         cmd_submitf() to validate commands.
     - CVE-2008-5027
   * SECURITY UPDATE: Cross-site request forgery (CSRF) arbitrary command
     execution (LP: #301542)
     - debian/patches/51_SECURITY_CVE-2008-5028.dpatch: disable CMD_CHANGE
       commands in base/commands.c
     - CVE-2008-5028
   * debian/rules: do not update po tree for security updates.
Original-Maintainer: Debian Nagios Maintainer Group