lp:ubuntu/hardy-security/nagios2

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

13. By Marc Deslauriers on 2009-07-02

* SECURITY UPDATE: remote code execution via shell metacharacters.
  - debian/patches/33_CVE_2009_2288.dpatch: make sure host ip and
    arguments are valid in cgi/statuswml.c.
  - CVE-2009-2288

12. By Marc Deslauriers on 2008-12-22

* SECURITY UPDATE: authorization check bypass and arbitrary command
  execution via custom form or browser addon (LP: #301542)
  - debian/patches/31_CVE_2008_5027.dpatch: cgi/cmd.c: strip semicolons and
    newlines in commit_command().
  - CVE-2008-5027
* SECURITY UPDATE: Cross-site request forgery (CSRF) arbitrary command
  execution (LP: #301542)
  - debian/patches/32_CVE_2008_5028.dpatch: disable CMD_CHANGE commands in
    base/commands.c
  - CVE-2008-5028
* debian/rules: do not update po tree for security updates.

11. By Jamie Strandboge on 2008-06-19

* SECURITY UPDATE: fix XSS issues in CGI scripts thanks to Thierry Carrez
* debian/rules: fix nagios2-common upgrade failure. Thanks to Thierry Carrez
* References
  CVE-2007-5803
  LP: #238516
  LP: #220208

10. By Chuck Short on 2008-04-07

* debian/nagios2-common.nagios2.init
  - Fix init script pid file. (LP: #174466)
* Update maintainers as per spec.

9. By Marc Haber <email address hidden> on 2008-03-15

* new upstream version
* remove wrong NOT RELEASED YET entry from 2.10-1 changelog
* Add debian/watch file. Thanks to Raphael Geissert. Closes: #456018
* init script: Tell killproc which daemon to kill.
  Thanks to Mark Petersen. Closes: #456958
* Steal copyright file from Nagios3
* Standards-Version: 3.7.3 (no changes necessary)
* Add a description to 10_p1_pl_shebang.dpatch
* Override empty directory warning for usr/share/nagios2/htdocs/ssi/
* fix Errors in manpages by removing .Xc

[Jan Wagner]
* added Vcs- fields

8. By Marc Haber <email address hidden> on 2007-10-31

* NOT RELEASED YET
* New upstream release
  * Fix XSS vulnerability (CVS-2007-5624). Closes: #448371
* Adapt sample config patches
* Fix permissions on /var/log/nagios2/archives.
  Thanks to Michael Feger. Closes: #429820
* Fix typo in localhost_nagios2.cfg.
  Thanks to Justin Pryzby. Closes: #430477.
* New Portuguese debconf translations from Rui Branco and the Traduz
  team. Closes: #436155.
* Rearrange apache2.conf so that the Stylesheet alias path is
  actually used.
  Thanks to Joerg Dorchain. This may fix #420009
* Relax dependency on web server to Recommends. Depend on
  apache2-utils since we need htpasswd.
  Thanks to Japp Eldering. Closes: #413519
* Move stylesheets to /etc, create a symlink.
  Thanks to Joerg Dorchain and Steve Greenland. Closes: #420011
* Fix suboptimal formatting of package descriptions.
  Thanks to Sam Morris. Closes: 413494
* debian/control: re-order Source stanza according to dpkg 1.14.7,
  add Homepage field. We're going to leave in the Upstream URL in the
  package description for a while though.
* Unmark package names for translation in debconf templates.
  Thanks to Kobayashi Noritada. Closes: #413127

[Jan Wagner]
* fixed README.Debian about setting check_external_commands=1
  (closes: #431953).

7. By sean finney <email address hidden> on 2007-06-09

* New upstream release (closes: #414647).
* new dutch (nl) debconf translations from cobaco (closes: #414762).
* new japanese (ja) debconf translations from Kobayashi Noritada
  (closes: #413122).
* Fix wrong path to debian.gd2 in extinfo_nagios2.cfg (closes: #423639).
[Sean Finney]
* various fixes/cleanups in init script should resolve issues with
  pidfile handling etc (closes: #416763, #397289, #414050, #412980, #415752).
* Merge config file changes.
* add note for pam_tmpdir users about setting TMPDIR in
  /etc/nagios2/default. thanks to Richard A Nelson (closes: #414652)

6. By Marc Haber <email address hidden> on 2007-02-24

[Marc Haber]
* services_nagios2.cfg: add default notification_interval 0 clauses to
  make it clear that nagios won't re-notify by default.
  Thanks to Jan Wagner.
* Add symlink from /usr/share/nagios2/htdocs/docs to
  /usr/share/doc/nagios2-doc/html as suggested by Mike O'Connor.
  Closes: #408141
* init script: use awk -v FS. Thanks to Mike O'Connor. Closes: #408136
* init script: remove commented sleep-rekill loop which was confusing
  to some users. It has never been enabled in nagios2 and is probably
  left over from whatever package the original nagios2 init script
  was taken from. Closes: #408231
* run debconf-updatepo and commit new files

[Sean Finney]
* added Build-Depends on dpkg-dev >= 1.13.19, since our use of
  source:Version in debian/control requires it.

5. By Marc Haber <email address hidden> on 2006-12-16

* new german debconf translations from Matthias Julius (closes: #400700).
* remove check_dns from commands.cfg.
  Thanks to Dr. Tilo Levante. Closes: #402303
* nagios2-common.postinst: Take 127.0.0.1 as default default gateway.
* nagios2-common.postrm: Send dpkg-statoverride standard error to
  the bin to avoid a row of "No override present" error messages on
  purge.
* Ship our own resource.cfg with nagios2-common

4. By Marc Haber <email address hidden> on 2006-12-06

* new upstream version
* adapt configuration patches
* adapt installation lists
* Add README reference to nagios.cfg regarding the command file
* Add no-op logrotate file to really disable logrorate log rotation.
  Closes: #396173, #401546