Bug 11706

Summary: nagios new security issues CVE-2013-2029 and CVE-2013-4214
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED WONTFIX QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: alien
Version: 3   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/574307/
Whiteboard:
Source RPM: nagios-3.4.4-4.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-11-19 19:40:51 CET 
RedHat has issued an advisory on November 18:
https://rhn.redhat.com/errata/RHSA-2013-1526.html

It is not clear if the versions in Mageia 2 or Cauldron are also affected.

Reproducible: 

Steps to Reproduce:
David Walser 2013-11-19 19:41:05 CET

CC: (none) => alien

Comment 1 Guillaume Rousse 2014-01-01 15:10:35 CET 
CVE-2013-2029 affects a migration script (nagios.upgrade_to_v3.sh) we don't ship.
CVE-2013-4214 is related to a vulnerability that can only occurs if source code is modified, this is not worth the effort to correct it.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX