icingaweb2-module-reporting - Debian Package Tracker

general

source: icingaweb2-module-reporting (main)
version: 1.0.2-2
maintainer: David Kunz (DMD)
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 0.10.0-1
testing: 1.0.2-2
unstable: 1.0.2-2

versioned links

0.10.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

icingaweb2-module-reporting (1 bugs: 0, 0, 1, 0)

action needed

A new upstream version is available: 1.0.3 high

A new upstream version 1.0.3 is available, you should consider packaging it.

Created: 2025-03-28 Last update: 2025-03-31 06:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-27406: Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings.

Created: 2025-03-27 Last update: 2025-03-27 15:27

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-27406: Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings.

Created: 2025-03-27 Last update: 2025-03-27 15:27

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-03-03 Last update: 2025-03-31 12:01

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.0.3-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2025-01-28 Last update: 2025-03-28 09:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-27406: (needs triaging) Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Javascript. This enables the attacker to act on behalf of the user, if the template is being previewed; and act on behalf of the headless browser, if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-03-27 Last update: 2025-03-27 15:27

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2024-04-07 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-03-01] icingaweb2-module-reporting 1.0.2-2 MIGRATED to testing (Debian testing watch)
[2025-02-24] Accepted icingaweb2-module-reporting 1.0.2-2 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2024-07-08] icingaweb2-module-reporting 1.0.2-1 MIGRATED to testing (Debian testing watch)
[2024-07-02] Accepted icingaweb2-module-reporting 1.0.2-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2024-04-02] icingaweb2-module-reporting 1.0.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-27] Accepted icingaweb2-module-reporting 1.0.1-1 (source) into unstable (David Kunz) (signed by: Sakirnth Nagarasa)
[2023-09-16] icingaweb2-module-reporting 0.10.0-2 MIGRATED to testing (Debian testing watch)
[2023-09-11] Accepted icingaweb2-module-reporting 0.10.0-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2023-02-10] icingaweb2-module-reporting 0.10.0-1 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted icingaweb2-module-reporting 0.10.0-1 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2022-07-12] icingaweb2-module-reporting 0.9.2+20200529-2 MIGRATED to testing (Debian testing watch)
[2022-02-22] icingaweb2-module-reporting REMOVED from testing (Debian testing watch)
[2022-02-05] icingaweb2-module-reporting 0.9.2+20200529-2 MIGRATED to testing (Debian testing watch)
[2022-02-04] icingaweb2-module-reporting REMOVED from testing (Debian testing watch)
[2022-01-03] icingaweb2-module-reporting 0.9.2+20200529-2 MIGRATED to testing (Debian testing watch)
[2021-12-28] Accepted icingaweb2-module-reporting 0.9.2+20200529-2 (source) into unstable (David Kunz) (signed by: Daniel Baumann)
[2021-02-27] Accepted icingaweb2-module-reporting 0.9.2+20200529-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Daniel Baumann)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 1

links

homepage
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.2-2