Debian Package Tracker

general

source: icinga2 (main)
version: 2.10.2-1
maintainer: Debian Nagios Maintainer Group (archive) [DMD]
uploaders: Alexander Wirt [DMD] – Markus Frosch [DMD] – Jan Wagner [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-bpo: 2.1.1-1~bpo70+1
oldstable: 2.1.1-1
old-bpo: 2.6.0-2~bpo8+1
stable: 2.6.0-2
stable-bpo: 2.10.2-1~bpo9+1
stable-p-u: 2.6.0-2+deb9u1
testing: 2.10.2-1
unstable: 2.10.2-1

versioned links

2.1.1-1~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.0-2~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.0-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10.2-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icinga2
icinga2-bin
icinga2-classicui
icinga2-common
icinga2-doc
icinga2-ido-mysql
icinga2-ido-pgsql
vim-icinga2

action needed

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-01-17 07:43

Depends on packages which need a new maintainer normal

The packages that icinga2 depends on which need a new maintainer are:

apache2 (#910917)
- Depends: apache2-utils
- Recommends: apache2

Created: 2018-10-13 Last update: 2019-01-17 06:22

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

icinga2-doc could be marked Multi-Arch: foreign
vim-icinga2 could be marked Multi-Arch: foreign
icinga2 could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2019-01-17 06:04

1 new commit since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.10.2-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit dc439a8784c269a7a8e5b9f7983dea2a0dfec62b
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Tue Dec 25 23:27:34 2018 +0100

    Bump Standards-Version to 4.3.0, no changes.

Created: 2018-12-26 Last update: 2019-01-16 21:59

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-11 Last update: 2019-01-16 16:32

lintian reports 9 warnings normal

Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-01-15 Last update: 2019-01-15 06:04

6 ignored security issues in stretch low

There are 6 open security issues in stretch.

6 issues skipped by the security teams:

CVE-2018-6536: An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.
CVE-2018-6534: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.
CVE-2018-6535: An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVE-2017-16933: etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
CVE-2018-6533: An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
CVE-2018-6532: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

Please fix them.

Created: 2017-11-24 Last update: 2018-11-22 11:25

6 ignored security issues in jessie low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2018-6536: An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.
CVE-2018-6534: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.
CVE-2018-6535: An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVE-2017-16933: etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
CVE-2018-6533: An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
CVE-2018-6532: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

Please fix them.

Created: 2017-11-24 Last update: 2018-11-22 11:25

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-10-21 Last update: 2018-10-21 04:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

news

[rss feed]

[2019-01-06] Accepted icinga2 2.10.2-1~bpo9+1 (source) into stretch-backports (Chris Boot)
[2018-12-18] Accepted icinga2 2.6.0-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Felix Geyer)
[2018-11-23] icinga2 2.10.2-1 MIGRATED to testing (Debian testing watch)
[2018-11-19] Accepted icinga2 2.10.2-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-11-04] Accepted icinga2 2.10.1-3~bpo9+1 (source) into stretch-backports (Chris Boot)
[2018-11-04] icinga2 2.10.1-3 MIGRATED to testing (Debian testing watch)
[2018-11-04] icinga2 2.10.1-3 MIGRATED to testing (Debian testing watch)
[2018-11-01] Accepted icinga2 2.10.1-3 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-10-26] Accepted icinga2 2.10.1-2~bpo9+1 (source) into stretch-backports (Chris Boot)
[2018-10-26] icinga2 2.10.1-2 MIGRATED to testing (Debian testing watch)
[2018-10-23] Accepted icinga2 2.10.1-2 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-10-23] icinga2 2.10.1-1 MIGRATED to testing (Debian testing watch)
[2018-10-20] Accepted icinga2 2.10.1-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-10-15] Accepted icinga2 2.10.0-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-10-09] Accepted icinga2 2.9.2-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Chris Boot)
[2018-09-30] icinga2 2.9.2-1 MIGRATED to testing (Debian testing watch)
[2018-09-28] Accepted icinga2 2.9.2-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-07-27] icinga2 2.9.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-25] Accepted icinga2 2.9.1-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-07-25] icinga2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2018-07-25] icinga2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2018-07-21] Accepted icinga2 2.9.0-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-10] icinga2 2.8.4-2 MIGRATED to testing (Debian testing watch)
[2018-05-08] Accepted icinga2 2.8.4-2 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-05] Accepted icinga2 2.8.4-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-01] Accepted icinga2 2.8.4-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2017-08-25] icinga2 REMOVED from testing (Debian testing watch)
[2017-08-23] Accepted icinga2 2.7.0-1 (source amd64 all) into unstable (Alexander Wirt)
[2017-03-29] Accepted icinga2 2.6.3-1 (source amd64 all) into experimental (Alexander Wirt)
[2017-02-13] Accepted icinga2 2.6.2-1~exp1 (source amd64 all) into experimental (Alexander Wirt)

bugs [bug history graph]

all: 6
RC: 0
I&N: 4
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian (0, 9)
buildd: logs, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.10.2-1
2 bugs