nagvis - Debian Package Tracker

general

source: nagvis (main)
version: 1:1.9.48-1
maintainer: Debian Nagios Maintainer Group (archive) (DMD)
uploaders: Alexander Wirt [DMD] – Jan Wagner [DMD] – Markus Frosch [DMD] – Adam Cecile [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.9.25-2
o-o-sec: 1:1.9.25-2+deb11u2
oldstable: 1:1.9.34-1
stable: 1:1.9.47-1
testing: 1:1.9.48-1
unstable: 1:1.9.48-1

versioned links

1:1.9.25-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.25-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.34-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.47-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.9.48-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

nagvis
nagvis-demos

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-39665: User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

Created: 2025-12-04 Last update: 2025-12-09 05:46

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:1.9.48-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 3e7c848c3cdc4e8f314f3d9beaa52b9079cd26ac
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Tue Jan 6 05:29:39 2026 +0100

    Add Chinese debconf translations by Yangfl. (closes: #1124724)

commit 15f95f6d603cad562496e0be3dfe51c9502ef6ff
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Sat Jan 3 14:56:21 2026 +0100

    Bump Standards-Version to 4.7.3, changes: priority.

commit 9571df2b3fcef867ccbad0c54f9e334b2997619a
Author: Bas Couwenberg <sebastic@xs4all.nl>
Date:   Sat Jan 3 14:25:17 2026 +0100

    Drop Priority: optional, default since dpkg 1.22.13.

Created: 2026-01-03 Last update: 2026-01-11 22:32

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-39665: (needs triaging) User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-12-04 Last update: 2025-12-09 05:46

7 low-priority security issues in bookworm low

There are 7 open security issues in bookworm.

7 issues left for the package maintainer to handle:

CVE-2023-46287: (needs triaging) XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.
CVE-2024-13722: (needs triaging) The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
CVE-2024-13723: (needs triaging) The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
CVE-2024-38866: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection
CVE-2024-47090: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS
CVE-2024-47093: (needs triaging) Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS
CVE-2025-39665: (needs triaging) User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-10-21 Last update: 2025-12-09 05:46

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.2).

Created: 2025-12-23 Last update: 2025-12-23 20:00

news

[rss feed]

[2025-12-09] nagvis 1:1.9.48-1 MIGRATED to testing (Debian testing watch)
[2025-12-03] Accepted nagvis 1:1.9.48-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-06-28] Accepted nagvis 1:1.9.25-2+deb11u2 (source) into oldstable-security (Daniel Leidert)
[2025-05-30] nagvis 1:1.9.47-1 MIGRATED to testing (Debian testing watch)
[2025-05-28] Accepted nagvis 1:1.9.47-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-05-23] Accepted nagvis 1:1.9.47-1~exp1 (source) into experimental (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-05-01] Accepted nagvis 1:1.9.25-2+deb11u1 (source) into oldstable-security (Daniel Leidert)
[2025-04-10] nagvis 1:1.9.46-1 MIGRATED to testing (Debian testing watch)
[2025-04-05] Accepted nagvis 1:1.9.46-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2025-03-27] nagvis 1:1.9.45-1 MIGRATED to testing (Debian testing watch)
[2025-03-21] Accepted nagvis 1:1.9.45-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-10-06] nagvis 1:1.9.44-1 MIGRATED to testing (Debian testing watch)
[2024-09-30] Accepted nagvis 1:1.9.44-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-09-05] nagvis 1:1.9.43-1 MIGRATED to testing (Debian testing watch)
[2024-08-30] Accepted nagvis 1:1.9.43-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-07-21] nagvis 1:1.9.42-1 MIGRATED to testing (Debian testing watch)
[2024-07-16] Accepted nagvis 1:1.9.42-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-07-14] nagvis 1:1.9.41-1 MIGRATED to testing (Debian testing watch)
[2024-07-08] Accepted nagvis 1:1.9.41-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2024-01-15] nagvis 1:1.9.40-1 MIGRATED to testing (Debian testing watch)
[2024-01-10] Accepted nagvis 1:1.9.40-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-12-13] nagvis 1:1.9.39-1 MIGRATED to testing (Debian testing watch)
[2023-12-07] Accepted nagvis 1:1.9.39-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-10-20] nagvis 1:1.9.38-1 MIGRATED to testing (Debian testing watch)
[2023-10-15] Accepted nagvis 1:1.9.38-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-10-07] nagvis 1:1.9.37-1 MIGRATED to testing (Debian testing watch)
[2023-10-02] Accepted nagvis 1:1.9.37-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-07-25] nagvis 1:1.9.36-1 MIGRATED to testing (Debian testing watch)
[2023-07-20] Accepted nagvis 1:1.9.36-1 (source) into unstable (Bas Couwenberg) (signed by: Sebastiaan Couwenberg)
[2023-06-17] nagvis 1:1.9.35-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (92, 86)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.9.48-1
10 bugs