CVE-2015-8010: Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
CVE-2016-9566: base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
Please fix them.
Last update: 2018-06-02
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.1.4 instead of