Bug 10738

Summary: nagios new security issue CVE-2013-2214
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/558108/
Whiteboard: MGA3TOO, MGA2TOO
Source RPM: nagios-3.4.4-4.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-07-09 00:45:19 CEST 
OpenSuSE has issued an advisory today (July 8):
http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html

Mageia 2 and Mageia 3 are also affected.

Reproducible: 

Steps to Reproduce:
David Walser 2013-07-09 00:45:28 CEST

Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 1 Guillaume Rousse 2013-07-17 20:58:25 CEST 
According to the discussion on nagios bug tracker, this is not a bug, but an expected behaviour:
http://tracker.nagios.org/view.php?id=456

So I'd prefer to postpone any decision currently.
Comment 2 David Walser 2013-07-17 21:47:58 CEST 
Thanks for looking at it Guillaume.  I checked the various bug reports and also see that this is still in the process of being investigated.  We can hold off.

Severity: normal => major

Comment 3 David Walser 2013-08-02 21:41:44 CEST 
Closing as INVALID, per Vincent Danen's explanation:
http://openwall.com/lists/oss-security/2013/08/02/3

Status: NEW => RESOLVED
Resolution: (none) => INVALID