Debian
xymon package

xymon 4.3.28-2+deb9u1 source package in Debian

Changelog

xymon (4.3.28-2+deb9u1) stretch; urgency=high

  * Apply minimal upstream security patch to fix several (server-only)
    vulnerabilities reported upstream by Graham Rymer:
    + CVE-2019-13451: service overflows histlogfn in history.c.
    + CVE-2019-13452: service overflows histlogfn in reportlog.c.
    + CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
    + CVE-2019-13274: reflected XSS in csvinfo.c.
    + CVE-2019-13455: htmlquoted(hostname) overflows msgline in
      acknowledge.c.
    + CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
    + CVE-2019-13485: hostname overflows selfurl in history.c.
    + CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
      svcstatus.c.
    + Closes: #935470
  * Include hostname validation regression fixes from 4.3.30, too.

 -- Axel Beckert <email address hidden>  Fri, 23 Aug 2019 01:09:07 +0200

Upload details

Uploaded by:
Christoph Berg
Uploaded to:
Stretch
Original maintainer:
Christoph Berg
Architectures:
any
Section:
net
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Stretch release main net

Builds

Downloads

File Size SHA-256 Checksum
xymon_4.3.28-2+deb9u1.dsc 2.1 KiB 2d3b25516dea960d3a4ccb744461a9e223138014f099d8608662891326f92385
xymon_4.3.28.orig.tar.gz 3.8 MiB 68cb33eb48d1bb212a1bbafd9fdea8c682ae1b69077cd5fb03676e0af39cbf80
xymon_4.3.28-2+deb9u1.debian.tar.xz 48.6 KiB 2d611d9aa56e495854393539b831f9a16d94d799bd34c73a627d2cbf92026647

No changes file available.

Binary packages built by this source