Debian Package Tracker

general

source: icinga2 (main)
version: 2.9.1-1
maintainer: Debian Nagios Maintainer Group (archive) [DMD]
uploaders: Alexander Wirt [DMD] – Markus Frosch [DMD] – Jan Wagner [DMD]
arch: all any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-bpo: 2.1.1-1~bpo70+1
oldstable: 2.1.1-1
old-bpo: 2.6.0-2~bpo8+1
stable: 2.6.0-2
testing: 2.9.1-1
unstable: 2.9.1-1

versioned links

2.1.1-1~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.0-2~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icinga2
icinga2-bin
icinga2-classicui
icinga2-common
icinga2-doc
icinga2-ido-mysql
icinga2-ido-pgsql
vim-icinga2

action needed

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-09-21 14:39

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-11 Last update: 2018-09-21 13:23

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

icinga2-doc could be marked Multi-Arch: foreign
vim-icinga2 could be marked Multi-Arch: foreign
icinga2 could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2018-09-21 13:20

2 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.9.1-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 1165cd0c0d2f9abf3d7aad4f40a2d3592982b735
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Tue Aug 28 18:46:00 2018 +0200

    Bump Standards-Version to 4.2.1, no changes.

commit 600a30f86ad270515f462a14ba25d2283bdb6415
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Sun Aug 5 21:09:25 2018 +0200

    Bump Standards-Version to 4.2.0, no changes.

Created: 2018-08-06 Last update: 2018-09-21 08:30

6 ignored security issues in jessie low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2018-6533: An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
CVE-2018-6536: An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.
CVE-2018-6532: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.
CVE-2018-6535: An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVE-2017-16933: etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
CVE-2018-6534: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

Please fix them.

Created: 2017-11-24 Last update: 2018-07-27 08:06

6 ignored security issues in stretch low

There are 6 open security issues in stretch.

6 issues skipped by the security teams:

CVE-2018-6533: An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
CVE-2018-6536: An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.
CVE-2018-6532: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.
CVE-2018-6535: An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVE-2017-16933: etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
CVE-2018-6534: An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

Please fix them.

Created: 2017-11-24 Last update: 2018-07-27 08:06

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-07-22 Last update: 2018-07-22 14:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.5).

Created: 2018-08-20 Last update: 2018-08-26 08:17

news

[rss feed]

[2018-07-27] icinga2 2.9.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-25] Accepted icinga2 2.9.1-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-07-25] icinga2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2018-07-25] icinga2 2.9.0-1 MIGRATED to testing (Debian testing watch)
[2018-07-21] Accepted icinga2 2.9.0-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-10] icinga2 2.8.4-2 MIGRATED to testing (Debian testing watch)
[2018-05-08] Accepted icinga2 2.8.4-2 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-05] Accepted icinga2 2.8.4-1 (source amd64 all) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2018-05-01] Accepted icinga2 2.8.4-1~exp1 (source amd64 all) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2017-08-25] icinga2 REMOVED from testing (Debian testing watch)
[2017-08-23] Accepted icinga2 2.7.0-1 (source amd64 all) into unstable (Alexander Wirt)
[2017-03-29] Accepted icinga2 2.6.3-1 (source amd64 all) into experimental (Alexander Wirt)
[2017-02-13] Accepted icinga2 2.6.2-1~exp1 (source amd64 all) into experimental (Alexander Wirt)
[2017-02-06] Accepted icinga2 2.6.0-2~bpo8+1 (source amd64 all) into jessie-backports (Patrick Matthäi)
[2017-01-31] Accepted icinga2 2.6.1-1~exp1 (source amd64 all) into experimental (Markus Frosch)
[2016-12-31] icinga2 2.6.0-2 MIGRATED to testing (Debian testing watch)
[2016-12-31] icinga2 2.6.0-2 MIGRATED to testing (Debian testing watch)
[2016-12-19] Accepted icinga2 2.6.0-2 (source amd64 all) into unstable (Markus Frosch)
[2016-12-13] Accepted icinga2 2.6.0-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-11-26] Accepted icinga2 2.5.4-3 (source amd64 all) into unstable (Alexander Wirt)
[2016-09-22] icinga2 REMOVED from testing (Debian testing watch)
[2016-09-09] Accepted icinga2 2.5.4-2 (source amd64 all) into unstable (Alexander Wirt)
[2016-08-31] Accepted icinga2 2.5.4-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-08-25] Accepted icinga2 2.5.3-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-08-23] Accepted icinga2 2.5.1-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-05-25] icinga2 2.4.10-1 MIGRATED to testing (Debian testing watch)
[2016-05-24] Accepted icinga2 2.4.10-1~bpo8+1 (source amd64 all) into jessie-backports (Patrick Matthäi)
[2016-05-19] Accepted icinga2 2.4.10-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-05-19] Accepted icinga2 2.4.9-1 (source amd64 all) into unstable (Alexander Wirt)
[2016-05-17] Accepted icinga2 2.4.8-1 (source amd64 all) into unstable (Alexander Wirt)

bugs [bug history graph]

all: 7
RC: 0
I&N: 4
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.8.1-0ubuntu2
2 bugs
patches for 2.8.1-0ubuntu2