Register | Log in

monit

utility for monitoring and managing daemons or similar programs

Choose email to subscribe with

general

source: monit (main)
version: 1:5.25.2-3
maintainer: Sergey B Kirpichev [DMD] [dm]
arch: any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1:5.9-1+deb8u1
old-sec: 1:5.9-1+deb8u2
stable: 1:5.20.0-6
testing: 1:5.25.2-3
unstable: 1:5.25.2-3

versioned links

1:5.9-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.9-1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.20.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.25.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

monit

action needed

A new upstream version is available: 5.25.3 high

A new upstream version 5.25.3 is available, you should consider packaging it.

Created: 2019-03-05 Last update: 2019-05-18 23:32

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2019-02-17 Last update: 2019-05-18 15:05

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2019-11455: A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

Please fix them.

Created: 2019-04-23 Last update: 2019-04-28 04:18

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-11455: A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

Please fix them.

Created: 2019-04-23 Last update: 2019-04-28 04:18

2 security issues in stretch high

There are 2 open security issues in stretch.

2 important issues:

CVE-2019-11455: A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

Please fix them.

Created: 2019-04-23 Last update: 2019-04-28 04:18

Depends on packages which need a new maintainer normal

The packages that monit depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base

Created: 2019-03-13 Last update: 2019-05-19 03:06

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2016-7067: Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.

Please fix it.

Created: 2016-10-28 Last update: 2019-04-28 04:18

news

[2019-04-26] Accepted monit 1:5.9-1+deb8u2 (source amd64) into oldstable (Thorsten Alteholz)
[2019-02-27] monit 1:5.25.2-3 MIGRATED to testing (Debian testing watch)
[2019-02-17] Accepted monit 1:5.25.2-3 (source) into unstable (Sergey B Kirpichev)
[2018-12-26] monit 1:5.25.2-2 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted monit 1:5.25.2-2 (source amd64) into unstable (Sergey B Kirpichev)
[2018-06-06] monit 1:5.25.2-1 MIGRATED to testing (Debian testing watch)
[2018-06-01] Accepted monit 1:5.25.2-1 (source amd64) into unstable (Sergey B Kirpichev)
[2017-12-03] monit 1:5.25.1-1 MIGRATED to testing (Debian testing watch)
[2017-11-28] Accepted monit 1:5.25.1-1 (source) into unstable (Sergey B Kirpichev)
[2017-09-04] monit 1:5.23.0-4 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted monit 1:5.23.0-4 (source) into unstable (Sergey B Kirpichev)
[2017-08-28] Accepted monit 1:5.23.0-3 (source amd64) into unstable (Sergey B Kirpichev)
[2017-07-13] monit 1:5.23.0-2 MIGRATED to testing (Debian testing watch)
[2017-07-08] Accepted monit 1:5.23.0-2 (source amd64) into unstable (Sergey B Kirpichev)
[2017-07-07] Accepted monit 1:5.23.0-1 (source amd64) into unstable (Sergey B Kirpichev)
[2017-06-20] monit 1:5.22.0-1 MIGRATED to testing (Debian testing watch)
[2017-04-22] Accepted monit 1:5.22.0-1 (source amd64) into unstable (Sergey B Kirpichev)
[2017-04-13] Accepted monit 1:5.21.0-1 (source amd64) into unstable (Sergey B Kirpichev)
[2017-01-22] monit 1:5.20.0-6 MIGRATED to testing (Debian testing watch)
[2017-01-11] Accepted monit 1:5.20.0-6 (source amd64) into unstable (Sergey B Kirpichev)
[2017-01-09] Accepted monit 1:5.20.0-5 (source amd64) into unstable (Sergey B Kirpichev)
[2016-12-12] Accepted monit 1:5.4-2+deb7u3 (source amd64) into oldstable (Jonas Meurer)
[2016-12-08] monit 1:5.20.0-4 MIGRATED to testing (Debian testing watch)
[2016-12-06] Accepted monit 1:5.4-2+deb7u2 (source amd64) into oldstable (Jonas Meurer)
[2016-12-02] Accepted monit 1:5.4-2+deb7u1 (source amd64) into oldstable (Jonas Meurer)
[2016-12-02] Accepted monit 1:5.20.0-4 (source) into unstable (Sergey B Kirpichev)
[2016-11-30] Accepted monit 1:5.20.0-3~bpo8+1 (source amd64) into jessie-backports (Sergey B Kirpichev)
[2016-11-28] monit 1:5.20.0-3 MIGRATED to testing (Debian testing watch)
[2016-11-14] Accepted monit 1:5.20.0-3 (source amd64) into unstable (Sergey B Kirpichev)
[2016-11-10] Accepted monit 1:5.20.0-2 (source amd64) into unstable (Sergey B Kirpichev)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:5.25.2-3
10 bugs (2 patches)

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing