icingaweb2-module-director - Debian Package Tracker

general

source: icingaweb2-module-director (main)
version: 1.11.5-2
maintainer: David Kunz (DMD)
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6.0-2
oldstable: 1.10.2-1
stable: 1.11.4-1
testing: 1.11.5-2
unstable: 1.11.5-2

versioned links

1.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icingaweb2-module-director

action needed

A new upstream version is available: 1.11.6 high

A new upstream version 1.11.6 is available, you should consider packaging it.

Created: 2026-02-19 Last update: 2026-03-01 02:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.11.6-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit bff894fa0343eca00537c055b8d22e89457f97ea
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Feb 24 10:30:51 2026 +0100

    Configure user _director.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 55254a1013aa05e3e501ae314b413a2491e75820
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:40:46 2026 +0100

    Releasing debian verson 1.11.6-1.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 0fe980e9ec421afc71d4d4d5a377be47c147b06b
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 15:37:25 2026 +0100

    Updating d/watch to version 5.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 1c9620abd8c90cb600a5e82ea7341b2962db56ed
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 13:00:40 2026 +0100

    Updating copyright for d/.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit ed895919a05ff04283376868d4b68dcd712a67b3
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:28:02 2026 +0100

    Updating d/rules.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 5f44490a4615ed3986faa9e087545749709f9c35
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:22:57 2026 +0100

    Rename files in debian.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 882b9ea1adebd24533d0e06b0f641478cc10794d
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:20:58 2026 +0100

    Updating Standards-Version to 4.7.3.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit cd93cae686bb40c8bbef42f47c5197f3501a3acf
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:17:25 2026 +0100

    Merging upstream version 1.11.6.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 554c454f193919abe5175c2ed600b398144d7265
Author: David Kunz <david.kunz@dknet.ch>
Date:   Wed Dec 10 14:52:45 2025 +0100

    Update debian/salsa-ci.yml file

commit 1ed3571ec48cb68b464a829617de27b5355e57f5
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Sep 23 12:56:05 2025 +0200

    Releasing debian verson 1.11.5-2.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

Created: 2025-09-23 Last update: 2026-02-24 14:02

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-24820: (needs triaging) Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.
CVE-2025-23203: (needs triaging) Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.4 and 1.11.4. If upgrading is not feasible, disable the director module for the users other than admin role for the time being.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-11-14 Last update: 2026-01-21 06:00

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 1.11.5-2 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-09-26 06:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.0).

Created: 2024-04-07 Last update: 2025-12-23 20:00

news

[rss feed]

[2025-10-01] icingaweb2-module-director 1.11.5-2 MIGRATED to testing (Debian testing watch)
[2025-09-25] Accepted icingaweb2-module-director 1.11.5-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2025-08-04] Accepted icingaweb2-module-director 1.11.5-1 (source) into experimental (David Kunz) (signed by: Daniel Baumann)
[2025-04-07] icingaweb2-module-director 1.11.4-1 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted icingaweb2-module-director 1.11.4-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2024-04-01] icingaweb2-module-director 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted icingaweb2-module-director 1.11.1-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2023-09-16] icingaweb2-module-director 1.10.2-2 MIGRATED to testing (Debian testing watch)
[2023-09-11] Accepted icingaweb2-module-director 1.10.2-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2023-02-10] icingaweb2-module-director 1.10.2-1 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted icingaweb2-module-director 1.10.2-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2022-10-20] icingaweb2-module-director 1.8.1-2.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted icingaweb2-module-director 1.8.1-2.1 (source) into unstable (Michael Biebl)
[2022-07-12] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-22] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-02-05] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-04] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-01-03] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2021-12-28] Accepted icingaweb2-module-director 1.8.1-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-11-28] icingaweb2-module-director 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-11] Accepted icingaweb2-module-director 1.8.1-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-02-01] Accepted icingaweb2-module-director 1.8.0-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2020-09-05] icingaweb2-module-director 1.6.0-2 MIGRATED to testing (Debian testing watch)
[2020-08-30] Accepted icingaweb2-module-director 1.6.0-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2019-09-06] Accepted icingaweb2-module-director 1.6.0-1 (source all) into unstable, unstable (David Kunz) (signed by: Daniel Baumann)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
l10n (100, 97)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.5-2
1 bug