nagvis - Debian Package Tracker

general

source: nagvis (main)
version: 1:1.10.0-1
maintainer: Debian Nagios Maintainer Group (archive) (DMD)
uploaders: Alexander Wirt [DMD] – Jan Wagner [DMD] – Markus Frosch [DMD] – Adam Cecile [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.9.25-2
o-o-sec: 1:1.9.25-2+deb11u2
oldstable: 1:1.9.34-1
stable: 1:1.9.47-1
testing: 1:1.10.0-1
unstable: 1:1.10.0-1

versioned links

1:1.9.25-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.25-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.34-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.47-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.10.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nagvis
nagvis-demos

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-39665: User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

Created: 2025-12-04 Last update: 2026-04-07 04:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:1.10.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit ee02abb1ea27406d9d7df22ca647b71d56daa1b1
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Sat Apr 4 10:28:32 2026 +0200

    Bump Standards-Version to 4.7.4, no changes.

Created: 2026-04-04 Last update: 2026-04-04 10:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-39665: (needs triaging) User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-04 Last update: 2026-04-07 04:30

7 low-priority security issues in bookworm low

There are 7 open security issues in bookworm.

7 issues left for the package maintainer to handle:

CVE-2023-46287: (needs triaging) XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.
CVE-2024-13722: (needs triaging) The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
CVE-2024-13723: (needs triaging) The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
CVE-2024-38866: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection
CVE-2024-47090: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS
CVE-2024-47093: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS
CVE-2025-39665: (needs triaging) User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-21 Last update: 2026-04-07 04:30

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-04-01 Last update: 2026-04-01 14:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2025-12-23 Last update: 2026-04-02 16:30

news

[rss feed]

[2026-04-07] nagvis 1:1.10.0-1 MIGRATED to testing (Debian testing watch)
[2026-04-02] Accepted nagvis 1:1.10.0-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2026-03-31] Accepted nagvis 1:1.9.49-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-12-09] nagvis 1:1.9.48-1 MIGRATED to testing (Debian testing watch)
[2025-12-03] Accepted nagvis 1:1.9.48-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-06-28] Accepted nagvis 1:1.9.25-2+deb11u2 (source) into oldstable-security (Daniel Leidert)
[2025-05-30] nagvis 1:1.9.47-1 MIGRATED to testing (Debian testing watch)
[2025-05-28] Accepted nagvis 1:1.9.47-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-05-23] Accepted nagvis 1:1.9.47-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-05-01] Accepted nagvis 1:1.9.25-2+deb11u1 (source) into oldstable-security (Daniel Leidert)
[2025-04-10] nagvis 1:1.9.46-1 MIGRATED to testing (Debian testing watch)
[2025-04-05] Accepted nagvis 1:1.9.46-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-03-27] nagvis 1:1.9.45-1 MIGRATED to testing (Debian testing watch)
[2025-03-21] Accepted nagvis 1:1.9.45-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-10-06] nagvis 1:1.9.44-1 MIGRATED to testing (Debian testing watch)
[2024-09-30] Accepted nagvis 1:1.9.44-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-09-05] nagvis 1:1.9.43-1 MIGRATED to testing (Debian testing watch)
[2024-08-30] Accepted nagvis 1:1.9.43-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-07-21] nagvis 1:1.9.42-1 MIGRATED to testing (Debian testing watch)
[2024-07-16] Accepted nagvis 1:1.9.42-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-07-14] nagvis 1:1.9.41-1 MIGRATED to testing (Debian testing watch)
[2024-07-08] Accepted nagvis 1:1.9.41-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-01-15] nagvis 1:1.9.40-1 MIGRATED to testing (Debian testing watch)
[2024-01-10] Accepted nagvis 1:1.9.40-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-12-13] nagvis 1:1.9.39-1 MIGRATED to testing (Debian testing watch)
[2023-12-07] Accepted nagvis 1:1.9.39-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-10-20] nagvis 1:1.9.38-1 MIGRATED to testing (Debian testing watch)
[2023-10-15] Accepted nagvis 1:1.9.38-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-10-07] nagvis 1:1.9.37-1 MIGRATED to testing (Debian testing watch)
[2023-10-02] Accepted nagvis 1:1.9.37-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (93, 86)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.9.48-1
10 bugs