Dear users of backports.org, this is an urgent security upload of the latest nagios3 package which should hit unstable today. You may have noticed the following in the changelog: On Wednesday 11 June 2008 09:47, Jan Wagner wrote: > nagios3 (3.0.2-1~bpo40+1) etch-backports; urgency=low > . > * Rebuild for etch-backports. > * add mailx as optional dependency > . > nagios3 (3.0.2-1) unstable; urgency=low > . [...] > * New upstream release (Closes: #485439) > * Fix XSS vulnerability (CVE-2007-5803). For more information about the issue you may refer to the CVE[1] or the bugreport[2]. Anyways ... since nagios2 was also uploaded some time ago, but is removed from testing, I request to remove it from backports.org archive and strongly encourage you to update to nagios3. A migration should straight forward, migrate (copy) over your conf.d/. One remaining issue can be solved by refering /usr/share/doc/nagios3/README.Debian: If you upgrade from Nagios 2 please note that the host-notify-by-email and notify-by-email have been renamed to notify-host-by-email and notify-service-by-email to make the naming more intuitivly. This can be easily done by: sed -i s/host-notify-by-email/notify-host-by-email/g /etc/nagios3/conf.d/* sed -i s/notify-by-email/notify-service-by-email/g /etc/nagios3/conf.d/* With kind regards, Jan. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5803 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485439 -- Never write mail to <waja@spamfalle.info>, you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------
Attachment:
pgpXWUaClPq5m.pgp
Description: PGP signature