-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 May 2025 00:54:13 +0200
Source: nagvis
Architecture: source
Version: 1:1.9.25-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Changes:
 nagvis (1:1.9.25-2+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer team upload by the Debian LTS team.
   * d/patches/CVE-2021-33178.patch: Add patch to fix CVE-2021-33178.
     - Fix a path traversal vulnerability that can be exploited by a malicious
       actor to arbitrarily delete files on the local system.
   * d/patches/CVE-2022-3979.patch: Add patch to fix CVE-2022-3979.
     - Fix a type juggling vulnerability in cookie hash processing.
   * d/patches/CVE-2022-46945.patch: Add patch to fix CVE-2022-46945.
     - Mitigate an arbitrary file read vulnerability.
   * d/patches/CVE-2023-46287.patch: Add patch to fix CVE-2023-46287.
     - Fix a XSS vulnerability.
   * d/patches/CVE-2024-47093-1.patch, d/patches/CVE-2024-47093-2.patch,
     d/patches/CVE-2024-47093-3.patch, d/patches/CVE-2024-47093-4.patch,
     d/patches/CVE-2024-47093-5.patch: Add patches to fix CVE-2024-13722,
     CVE-2024-13723, and CVE-2024-47093:
     - Fix XSS in std_table.php gadget.
     - Fix potential RCE due to being able to upload malicious maps.
     - Prevent XSS in NagVis.
     - Fix potential RCE due to already uploaded malicious maps by configuring
       authorisation_multisite_file.
     - Fix XSS for malicious graph elements.