Accepted xymon 4.3.28-2+deb9u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 23 Aug 2019 01:09:07 +0200
Source: xymon
Binary: xymon xymon-client
Architecture: source amd64
Version: 4.3.28-2+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
xymon - monitoring system for systems, networks and applications
xymon-client - client for the Xymon network monitor
Closes: 935470
Changes:
xymon (4.3.28-2+deb9u1) stretch; urgency=high
.
* Apply minimal upstream security patch to fix several (server-only)
vulnerabilities reported upstream by Graham Rymer:
+ CVE-2019-13451: service overflows histlogfn in history.c.
+ CVE-2019-13452: service overflows histlogfn in reportlog.c.
+ CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
+ CVE-2019-13274: reflected XSS in csvinfo.c.
+ CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
+ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
+ CVE-2019-13485: hostname overflows selfurl in history.c.
+ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
+ Closes: #935470
* Include hostname validation regression fixes from 4.3.30, too.
Checksums-Sha1:
2eaf3d1fd75623a081bad81ba9d7ff84f38bf7f8 2112 xymon_4.3.28-2+deb9u1.dsc
166b08210ae1c4072b6521a41e3234795726182a 49792 xymon_4.3.28-2+deb9u1.debian.tar.xz
8d1dfe9b8c312abe72fe9e71e9eb94b2e370423a 913350 xymon-client-dbgsym_4.3.28-2+deb9u1_amd64.deb
8f65a1059bb155f36920dcaff8d30e1211a2b940 279234 xymon-client_4.3.28-2+deb9u1_amd64.deb
7ae701fd5818dad6353759dd4d56d24398f0d9f7 9126386 xymon-dbgsym_4.3.28-2+deb9u1_amd64.deb
ea98007afda172e5b3879a3572bf23be6be52b0e 9086 xymon_4.3.28-2+deb9u1_amd64.buildinfo
2979772c7d084f9e78d16dcd00a48d1e4cd481ce 2423598 xymon_4.3.28-2+deb9u1_amd64.deb
Checksums-Sha256:
2d3b25516dea960d3a4ccb744461a9e223138014f099d8608662891326f92385 2112 xymon_4.3.28-2+deb9u1.dsc
2d611d9aa56e495854393539b831f9a16d94d799bd34c73a627d2cbf92026647 49792 xymon_4.3.28-2+deb9u1.debian.tar.xz
3a3f4dbc5700b6c8620040e54b6a8ee59c8e50c7917e1aff3e4daf3d0f54cf11 913350 xymon-client-dbgsym_4.3.28-2+deb9u1_amd64.deb
be1254fbfd5562f683c59b9691601d2e8687bced9f15dc359cbd2628022c6be1 279234 xymon-client_4.3.28-2+deb9u1_amd64.deb
9f53dee009e96c7b1738f3faa3fd848304cbddb27fe72280d01c834e366085e0 9126386 xymon-dbgsym_4.3.28-2+deb9u1_amd64.deb
c4ad99ef3866009fe0ada4ae97b6e5910cbab1e5e7d182887200328e1ff19fb3 9086 xymon_4.3.28-2+deb9u1_amd64.buildinfo
2b7d3a3859392d25579b1f5043600337d299dc05b090b4a568e51c69c712d334 2423598 xymon_4.3.28-2+deb9u1_amd64.deb
Files:
8f2833cbbd8ecb28d63238c93b657908 2112 net extra xymon_4.3.28-2+deb9u1.dsc
a215c6aa5e725fc83bd97b489cb38d44 49792 net extra xymon_4.3.28-2+deb9u1.debian.tar.xz
0f534eb59ff9623bc8a59f019a326003 913350 debug extra xymon-client-dbgsym_4.3.28-2+deb9u1_amd64.deb
4dde00c507780fe8b23da82fdb7d74f2 279234 net extra xymon-client_4.3.28-2+deb9u1_amd64.deb
2804e0ce307cbcea01918be8d3adadd3 9126386 debug extra xymon-dbgsym_4.3.28-2+deb9u1_amd64.deb
d15558995c8407ba5a672b42bee56ad8 9086 net extra xymon_4.3.28-2+deb9u1_amd64.buildinfo
7306804ef53e5ce56d77709bfe12f895 2423598 net extra xymon_4.3.28-2+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAl1gZ0EACgkQa+Zjx1o1
yXVC1A/+NqgsiT/tFOMnPq3E2BB4WOMpMhnZMtfKLVuz+WYzYu1qOwOqOAirNDyS
qutqEKWIxowTx9JLOu5744DLTH6PiHYf0g+xcVNu8IdPk9wvkYcy1gyhxYk/ye99
MiV+t/a7YV6BioQFc5tNQY2w+vPu4lHP0LLVvn12099LYTACGIG4vFhdQuTDUjwD
O1w76JrlX6d30014ncfPX0iBH6I2o8bAjQZQZLcjX9MGuPjSx1nAuCp/ARtOVEtJ
5Du8BI1zKzHyspU8YMZh2yj7im14hn0D7vFBAb9GtUYXAJ9JV9pV1kcFJwV3wMDv
itXYimG5F3ZYgPeUhKWvITIEJDvMUJ1Lif+huHLczT4Qkvjo+exqjmL2EyDGp5LQ
DqLOY7mlD1uPBVe/ddHFEDze8uV7nPcAVLLbaLG0yszY9qZ4ZANH2sApizDfN4NI
eofMNrkwb/uTnVEwTdoz3w0D2frWsysO8meIWqBLLKDpzEB9HuFniw8gA8ud8Yym
9ZPfor2EKz555g1jBTiArSBV8sgb3DmQoaIeZr1nEHdBFJmZf5FYddUaJDulDuVc
OR2KLAC0zvi8kS8oESVe30Lok1rpzQTI5WOWLgGsGm2XLooVCh4mAXhU+lE3Ren1
Ab7J9Q/DORXj641217qdDUboK2xihJMiTOb09e+mDQL/a86vRbs=
=Vg96
-----END PGP SIGNATURE-----