net-mgmt/nagios has a command injection vulnerability. I took a quick look at coming up with a patch in my limited time today but there are some patching issues with the existing things in files/patch*. I want to get this PR into the system so that the maintainer is aware of it and can work on a solution as time permits. The VuXML entry is available at: http://www.vuxml.org/freebsd/3ebd4cb5-657f-11de-883a-00e0815b8da8.html I've CC'ed the maintainer on this and will work with him to make sure an updated version hits the tree when it's ready. Fix: N/A How-To-Repeat: N/A
Responsible Changed From-To: freebsd-ports-bugs->wxs Submitter has GNATS access (via the GNATS Auto Assign Tool)
Maintainer of net-mgmt/nagios, Please note that PR ports/136187 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/136187 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Gentlemen, good day. I had updated the current port to 3.1.2 and tested the updated port on two my Nagios masters, one running embedded Perl interpreter and another one running without Perl. No regressions were seen up to now. Updated port also builds fine on my Tinderbox for 6.x, 7.x and 8.x. -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #
A patch to resolve CVE-2009-2288 in net-mgmt/nagios can be found at: http://www.netleader.com.au/~jarrod/FreeBSD/net-mgmt-nagios-3.0.6_2.diff Jarrod.
State Changed From-To: feedback->closed Closed with the commit of the patch in ports/136374
wxs 2009-07-14 12:54:20 UTC FreeBSD ports repository Modified files: net-mgmt/nagios Makefile Added files: net-mgmt/nagios/files patch-cgi-statuswml.c Log: - Address command injection vulnerability PR: ports/136187 Submitted by: Jarrod Sayers <jarrod@netleader.com.au> Security: 3ebd4cb5-657f-11de-883a-00e0815b8da8 Revision Changes Path 1.80 +1 -1 ports/net-mgmt/nagios/Makefile 1.1 +51 -0 ports/net-mgmt/nagios/files/patch-cgi-statuswml.c (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"