Back to xymon PTS page

Accepted xymon 4.3.17-6+deb8u2 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted xymon 4.3.17-6+deb8u2 (source amd64) into oldoldstable
From: Hugo Lefeuvre <hle@debian.org>
Date: Mon, 26 Aug 2019 01:20:15 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1i23g7-0006SW-Q4@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Aug 2019 09:18:13 -0400
Source: xymon
Binary: xymon xymon-client
Architecture: source amd64
Version: 4.3.17-6+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Hugo Lefeuvre <hle@debian.org>
Description:
 xymon      - monitoring system for systems, networks and applications
 xymon-client - client for the Xymon network monitor
Closes: 935470
Changes:
 xymon (4.3.17-6+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * This update is based on Axel Beckert's 4.3.28-2+deb9u1 update. Thanks!
   * Apply minimal upstream security patch to fix several (server-only)
     vulnerabilities reported upstream by Graham Rymer:
     + CVE-2019-13451: service overflows histlogfn in history.c.
     + CVE-2019-13452: service overflows histlogfn in reportlog.c.
     + CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
     + CVE-2019-13274: reflected XSS in csvinfo.c.
     + CVE-2019-13455: htmlquoted(hostname) overflows msgline in
       acknowledge.c.
     + CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
     + CVE-2019-13485: hostname overflows selfurl in history.c.
     + CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
       svcstatus.c.
     + Closes: #935470
   * Include hostname validation regression fixes from 4.3.30, too.
Checksums-Sha1:
 881906ad9b7a0d1d564370be299ac9eb1bea4032 1962 xymon_4.3.17-6+deb8u2.dsc
 f37ab24205c4762d552d889ae761aaca5d76c468 106412 xymon_4.3.17-6+deb8u2.debian.tar.xz
 bc57a3d70cd7d1fa3112778599fdd829b1c27c5c 2268674 xymon_4.3.17-6+deb8u2_amd64.deb
 6a90ebe8f6494066a758aeaba5fc4d7a83ae7cc8 249730 xymon-client_4.3.17-6+deb8u2_amd64.deb
Checksums-Sha256:
 d807facbbf13a0304d373876cdbc4c410bcec0c5d8cc0d0f549d0a4058bc91e2 1962 xymon_4.3.17-6+deb8u2.dsc
 1ec657169f8dab1be010a0e40407defa7ef43f19f001353db825dd2c28fc36ed 106412 xymon_4.3.17-6+deb8u2.debian.tar.xz
 0c7de7d91fea10f46e3606c7f12066802145a92ab9ebacef8ed01c65b8f15f08 2268674 xymon_4.3.17-6+deb8u2_amd64.deb
 2aaba233ce61e6b256f03df0e24bde768fa9d253f2df1d6ab53ba8201d95ceac 249730 xymon-client_4.3.17-6+deb8u2_amd64.deb
Files:
 08342c2a9478d20cd1469ccb80d205e7 1962 net extra xymon_4.3.17-6+deb8u2.dsc
 04b029039a7b04b08cb3c5769093edab 106412 net extra xymon_4.3.17-6+deb8u2.debian.tar.xz
 9b118eb9fb5c510e89098cec1ca1850a 2268674 net extra xymon_4.3.17-6+deb8u2_amd64.deb
 21caed032f7cc2086cfb6badc6b0a992 249730 net extra xymon-client_4.3.17-6+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQHDBAEBCgAtFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl1jLJMPHGhsZUBkZWJp
YW4ub3JnAAoJEBHjBY5eRBpCgkcL/1xdN2+PCqiNQLiXkAzN8x5ARoSa81l5zo1b
owEIYKpJtHAmT+lwM0xhU2ydfAmXb98ACf4ifpAo7CZoYYKIRIu+Xbwik/6XCbrm
XMCUYhxzM+qfxcDvvc5xa0LBhsrXWca+FFZznBwITQtf48svxGEhyfi5RykSHhhK
+pgN3MnIZRGZ+/bXgphabQjpHTOpYs4cXtO2syTyH0sWFhnnGhCwLF+JgYuvb48T
8q6d+uKtnv47l7qYrA+I9zcz7ou9L8PeWvRUx800tYFwIbMg2PzgU1+gjdzp3Svi
gev1owugFGMBIoSOu/iBCoHvWTQx2SDpnaRJPdVuVaxXo06SFqhJKIsjSVJyETan
ddJnb6a/zOythwaaPbDwVQawcIe5HRSGbe+D2416zj7hGaewB/F/CxoUumbWhEzQ
KSKHiyamIJfgBn5hAAUkuHOYNKsHSGd3oUrO6cpeqMa+7m8khAqWG+VlxiTJLSVo
BCHOcP3gEK9EeHi+e7tcVBwodIu2dw==
=RGJY
-----END PGP SIGNATURE-----