
Accepted xymon 4.3.17-6+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon,  8 Feb 2016 18:56:24 CET
Source: xymon
Binary: xymon xymon-client
Architecture: source amd64
Version: 4.3.17-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 xymon      - monitoring system for systems, networks and applications
 xymon-client - client for the Xymon network monitor
Changes:
 xymon (4.3.17-6+deb8u1) jessie-security; urgency=high
 .
   * Security update. Several issues were reported by Markus Krell:
     + Resolve buffer overflow when handling "config" file requests
       (CVE-2016-2054)
     + Restrict "config" files to regular files inside the $XYMONHOME/etc/
       directory (symlinks disallowed). Also, require that the initial filename
       end in '.cfg' by default. (CVE-2016-2055)
     + Resolve shell command injection vulnerability in useradm CGI
       (CVE-2016-2056)
     + Tighten permissions on the xymond BFQ used for message submission to
       restrict access to the xymon user and group. It is now 0620.
       (CVE-2016-2057)
     + Restrict javascript execution in current and historical status messages
       by the addition of appropriate Content-Security-Policy headers to
       prevent XSS attacks. (CVE-2016-2058)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
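
The file restriction listed for CVE-2016-2055 in the changelog above, sketched in C as an added example; it is not Xymon's patch or Debian's code. It is stricter than the changelog wording in one respect: a symlink in any path component is refused, not only in the final one. The names `open_config_file` and `demo` and the scratch-directory layout are assumptions made here, with `etc_dir` standing in for `$XYMONHOME/etc`.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open etc_dir/name read-only if it passes the CVE-2016-2055 restrictions, else
 * return -1. etc_dir stands in for $XYMONHOME/etc; names here are hypothetical. */
int open_config_file(const char *etc_dir, const char *name)
{
    char root[PATH_MAX], want[PATH_MAX], real[PATH_MAX];
    struct stat st;
    size_t len = strlen(name);
    int fd;
    /* The requested name must end in ".cfg". */
    if (len <= 4 || strcmp(name + len - 4, ".cfg") != 0) return -1;
    if (!realpath(etc_dir, root)) return -1;
    /* Bounded formatting: refuse over-long input instead of truncating. */
    if (snprintf(want, sizeof want, "%s/%s", root, name) >= (int)sizeof want) return -1;
    /* The canonical path must equal the requested one: a symlink, "..",
     * or absolute name makes realpath() return something different. */
    if (!realpath(want, real) || strcmp(want, real) != 0) return -1;
    /* O_NOFOLLOW refuses a symlink swapped in after the check; fstat() on
     * the descriptor confirms a regular file, not a directory or FIFO. */
    if ((fd = open(real, O_RDONLY | O_NOFOLLOW | O_NONBLOCK)) < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture; returns one bit per allowed request (bit 0 = "ok.cfg"). */
int demo(void)
{
    char top[] = "/tmp/xymon-demo-XXXXXX";
    const char *req[] = { "ok.cfg", "link.cfg", "../secret.cfg", "notes.txt", "dir.cfg" };
    int i, fd, mask = 0;
    if (!mkdtemp(top) || chdir(top) != 0 || mkdir("etc", 0700) != 0) return -1;
    close(open("secret.cfg", O_CREAT | O_WRONLY, 0600));
    close(open("etc/ok.cfg", O_CREAT | O_WRONLY, 0600));
    close(open("etc/notes.txt", O_CREAT | O_WRONLY, 0600));
    if (symlink("../secret.cfg", "etc/link.cfg") != 0 || mkdir("etc/dir.cfg", 0700) != 0) return -1;
    for (i = 0; i < 5; i++)
        if ((fd = open_config_file("etc", req[i])) >= 0) { mask |= 1 << i; close(fd); }
    return mask;
}

int main(void) { printf("allowed mask: 0x%x\n", demo()); return 0; }
```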