icingaweb2-module-director - Debian Package Tracker

general

source: icingaweb2-module-director (main)
version: 1.11.5-2
maintainer: David Kunz (DMD)
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6.0-2
oldstable: 1.10.2-1
stable: 1.11.4-1
testing: 1.11.4-1
unstable: 1.11.5-2

versioned links

1.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icingaweb2-module-director

action needed

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 1ed3571ec48cb68b464a829617de27b5355e57f5
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Sep 23 12:56:05 2025 +0200

    Releasing debian verson 1.11.5-2.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

Created: 2025-09-23 Last update: 2025-09-25 22:00

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 1.11.5-2 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-09-26 06:32

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-24820: (needs triaging) Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.
CVE-2025-23203: (needs triaging) Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-11-14 Last update: 2025-09-25 22:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2024-04-07 Last update: 2025-09-26 01:00

testing migrations

excuses:
- Migration status for icingaweb2-module-director (1.11.4-1 to 1.11.5-2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 4 of 5 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/i/icingaweb2-module-director.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- Not considered

news

[rss feed]

[2025-09-25] Accepted icingaweb2-module-director 1.11.5-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2025-08-04] Accepted icingaweb2-module-director 1.11.5-1 (source) into experimental (David Kunz) (signed by: Daniel Baumann)
[2025-04-07] icingaweb2-module-director 1.11.4-1 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted icingaweb2-module-director 1.11.4-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2024-04-01] icingaweb2-module-director 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted icingaweb2-module-director 1.11.1-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2023-09-16] icingaweb2-module-director 1.10.2-2 MIGRATED to testing (Debian testing watch)
[2023-09-11] Accepted icingaweb2-module-director 1.10.2-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2023-02-10] icingaweb2-module-director 1.10.2-1 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted icingaweb2-module-director 1.10.2-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2022-10-20] icingaweb2-module-director 1.8.1-2.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted icingaweb2-module-director 1.8.1-2.1 (source) into unstable (Michael Biebl)
[2022-07-12] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-22] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-02-05] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-04] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-01-03] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2021-12-28] Accepted icingaweb2-module-director 1.8.1-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-11-28] icingaweb2-module-director 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-11] Accepted icingaweb2-module-director 1.8.1-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-02-01] Accepted icingaweb2-module-director 1.8.0-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2020-09-05] icingaweb2-module-director 1.6.0-2 MIGRATED to testing (Debian testing watch)
[2020-08-30] Accepted icingaweb2-module-director 1.6.0-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2019-09-06] Accepted icingaweb2-module-director 1.6.0-1 (source all) into unstable, unstable (David Kunz) (signed by: Daniel Baumann)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, 97)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.4-1
1 bug