Format: 1.8
Date: Wed, 11 Jun 2014 10:44:57 +0200
Source: icinga
Binary: icinga-common icinga-cgi icinga-idoutils icinga icinga-core icinga-doc icinga-dbg
Architecture: source amd64 all
Version: 1.7.1-7
Distribution: stable-security
Urgency: high
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Alexander Wirt <formorer@debian.org>
Description:
 icinga - host and network monitoring system - metapackage
 icinga-cgi - host and network monitoring system - CGI scripts
 icinga-common - host and network monitoring system - support files
 icinga-core - host and network monitoring system - core files
 icinga-dbg - host and network monitoring system - debug files
 icinga-doc - host and network monitoring system - documentation
 icinga-idoutils - host and network monitoring system - icinga-dataobjects support
Changes:
 icinga (1.7.1-7) stable-security; urgency=high
 .
   * Fix multiple stack-based buffer overflows in cgiutils.c and config.c.
     This is a fix for CVE-2013-7106
   * Fix CSRF vulnerability in cmd.cgi.
     This is a fix for CVE-2013-7107
   * Fix multiple off-by-one errors in process_cgivars().
     This is a fix for CVE-2013-7108
   * Fix stack-based overflow in cmd_submitf() from cmd.c.
     This is a fix for CVE-2014-1878
   * Fix buffer overflows when checking strlen against MAX_INPUT_BUFFER in
     cgiutils.c. This is a fix for CVE-2014-2386
 .
 Thanks to Moritz Muehlenhoff for providing those patches.