icingaweb2-module-director - Debian Package Tracker

general

source: icingaweb2-module-director (main)
version: 1.11.6-1
maintainer: David Kunz (DMD)
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6.0-2
oldstable: 1.10.2-1
stable: 1.11.4-1
testing: 1.11.5-2
unstable: 1.11.6-1

versioned links

1.6.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.11.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icingaweb2-module-director

action needed

13 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d8adc2850e1bb7f2bb428bccca90b462719a1b8b
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:40:46 2026 +0100

    Releasing debian verson 1.11.6-1.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit ace94aa6a1abe8980b2b14c88319130deb709873
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Mar 10 15:31:32 2026 +0100

    Removing Rules-Requires-Root in d/control.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit d0c855b35087f4842eff454e2475b94a2b5ab9ae
Author: David Kunz <david.kunz@bfh.ch>
Date:   Wed Mar 4 11:39:17 2026 +0100

    Adding lintian overrides for module.info.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit de499496424033bf9b2555f1be3f324d5a88b464
Author: David Kunz <david.kunz@bfh.ch>
Date:   Wed Mar 4 11:38:28 2026 +0100

    Adding lintian overrides for templates.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit ac7fae8ca4c2abed61fc7a8b9a57dd0449980006
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Feb 24 10:30:51 2026 +0100

    Configure user _director.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 55df311d6ab54c025e726416dd59db22cfd16721
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 15:37:25 2026 +0100

    Updating d/watch to version 5.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 9cb37acac414794067b526cb6779d6ca85b26d40
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 13:00:40 2026 +0100

    Updating copyright for d/.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit e5128d47520636be688339c8b12ebcf0a9bbc529
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:28:02 2026 +0100

    Updating d/rules.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 5f44490a4615ed3986faa9e087545749709f9c35
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:22:57 2026 +0100

    Rename files in debian.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 882b9ea1adebd24533d0e06b0f641478cc10794d
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:20:58 2026 +0100

    Updating Standards-Version to 4.7.3.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit cd93cae686bb40c8bbef42f47c5197f3501a3acf
Author: David Kunz <david.kunz@bfh.ch>
Date:   Mon Feb 23 11:17:25 2026 +0100

    Merging upstream version 1.11.6.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

commit 554c454f193919abe5175c2ed600b398144d7265
Author: David Kunz <david.kunz@dknet.ch>
Date:   Wed Dec 10 14:52:45 2025 +0100

    Update debian/salsa-ci.yml file

commit 1ed3571ec48cb68b464a829617de27b5355e57f5
Author: David Kunz <david.kunz@bfh.ch>
Date:   Tue Sep 23 12:56:05 2025 +0200

    Releasing debian verson 1.11.5-2.
    
    Signed-off-by: David Kunz <david.kunz@bfh.ch>

Created: 2025-09-23 Last update: 2026-03-10 21:34

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 1.11.6-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-03-11 11:03

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-24820: (needs triaging) Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.
CVE-2025-23203: (needs triaging) Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.4 and 1.11.4. If upgrading is not feasible, disable the director module for the users other than admin role for the time being.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-11-14 Last update: 2026-03-10 23:02

testing migrations

excuses:
- Migration status for icingaweb2-module-director (1.11.5-2 to 1.11.6-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 3 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/i/icingaweb2-module-director.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproduced on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproduced on i386
- ∙ ∙ Reproduced on ppc64el
- Not considered

news

[rss feed]

[2026-03-10] Accepted icingaweb2-module-director 1.11.6-1 (source) into unstable (David Kunz) (signed by: 李健秋 Andrew Lee)
[2025-10-01] icingaweb2-module-director 1.11.5-2 MIGRATED to testing (Debian testing watch)
[2025-09-25] Accepted icingaweb2-module-director 1.11.5-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2025-08-04] Accepted icingaweb2-module-director 1.11.5-1 (source) into experimental (David Kunz) (signed by: Daniel Baumann)
[2025-04-07] icingaweb2-module-director 1.11.4-1 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted icingaweb2-module-director 1.11.4-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2024-04-01] icingaweb2-module-director 1.11.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted icingaweb2-module-director 1.11.1-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2023-09-16] icingaweb2-module-director 1.10.2-2 MIGRATED to testing (Debian testing watch)
[2023-09-11] Accepted icingaweb2-module-director 1.10.2-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2023-02-10] icingaweb2-module-director 1.10.2-1 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted icingaweb2-module-director 1.10.2-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2022-10-20] icingaweb2-module-director 1.8.1-2.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted icingaweb2-module-director 1.8.1-2.1 (source) into unstable (Michael Biebl)
[2022-07-12] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-22] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-02-05] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2022-02-04] icingaweb2-module-director REMOVED from testing (Debian testing watch)
[2022-01-03] icingaweb2-module-director 1.8.1-2 MIGRATED to testing (Debian testing watch)
[2021-12-28] Accepted icingaweb2-module-director 1.8.1-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-11-28] icingaweb2-module-director 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-11] Accepted icingaweb2-module-director 1.8.1-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-02-01] Accepted icingaweb2-module-director 1.8.0-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2020-09-05] icingaweb2-module-director 1.6.0-2 MIGRATED to testing (Debian testing watch)
[2020-08-30] Accepted icingaweb2-module-director 1.6.0-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2019-09-06] Accepted icingaweb2-module-director 1.6.0-1 (source all) into unstable, unstable (David Kunz) (signed by: Daniel Baumann)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
l10n (100, 97)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.11.5-2
1 bug