From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: 01/01: gnu: Add Nagios. Date: Fri, 30 Dec 2016 14:52:16 -0500 Message-ID: <20161230195216.GA9049@jasmine> References: <20161130223109.19603.88396@vcs.savannah.gnu.org> <20161130223109.CCC082201C1@vcs.savannah.gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:32870) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cN3Dz-0003Oe-9R for guix-devel@gnu.org; Fri, 30 Dec 2016 14:52:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cN3Dv-0003Pk-D0 for guix-devel@gnu.org; Fri, 30 Dec 2016 14:52:23 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:33865) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cN3Dv-0003PH-8v for guix-devel@gnu.org; Fri, 30 Dec 2016 14:52:19 -0500 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id D26CC2478B for ; Fri, 30 Dec 2016 14:52:17 -0500 (EST) Content-Disposition: inline In-Reply-To: <20161130223109.CCC082201C1@vcs.savannah.gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 30, 2016 at 10:31:09PM +0000, Ludovic Court=EF=BF=BDs wrote: > civodul pushed a commit to branch master > in repository guix. >=20 > commit d30e578a0011b05d1e7d8b3ba7ee38588eba301c > Author: Ludovic Court=C3=A8s > Date: Wed Nov 30 23:26:57 2016 +0100 >=20 > gnu: Add Nagios. > =20 > * gnu/packages/monitoring.scm: New file. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. > + (version "4.0.8") > + ;; XXX: Newer versions such as 4.2.3 bundle a copy of AngularJS. This version of Nagios includes some severe security vulnerabilities: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2016-9566 https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2016-9565 They allow remote attackers to read and write arbitrary files (leading to remote code execution) or to escalate privilege to the superuser. What should we do? --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlhmuvAACgkQJkb6MLrK fwjXuhAAqHRcteKMfAEQQv3uWJuGSUn93GrZyUb4cU0y127h61Y6lk0PsVUzx+pJ bz0Wd/eGRtUKx3/qww/Us4P/Zh8Z/44uoQSpafOnOcwyj0RamwzwlittOA0VYAHx kZeDTK0RZKenIRGbFI3kgr3Mwi1N8pb86PA2RlxwNqyZwyDcs4xuEZyZd14U8HXq LmTml3VhQWZmBMJBZXGVJK860mQ/rL/HwroP9u8Jo49Z/gaOSC61k9UkT7Kc5Dyd xcwYb/L4Uz5OVRzjx9eIbi/nxZoqQj5vA7o5KDom9q8qRqHzwy4KSLlu3r4kgIyd x5fDBasLQLa8LxWyFtzb2hHlNEpu8Br/BLS+Bbix2ti+TKbHVFnB4IneCRAVkYcu 5xoc8rtAlATaWTAxnrgowHvaoTkE0CsU1bIbWqv9eMhWeYrEKDowi/XSa9prsIYV qsVV/sMof8/8eJtR9Dzrw22W0Bz5H/2TxMyE6sfKnnYj+bnt5d17hTH8UO51feJ8 b1QD37/v8XUvqYb7UloFp7J7d5excuMcmEJiaUPtizAqyaCZHjo3VhHyQJWl8sbq SGsRU6deH4GupL8zYLUJHXon5Y6qP7YgAr4pjL0FEu5pbmm/A1Q9ts3MSomDwobr ue2koadLpe2nfRAO0D90rCYiO6z2UoQU63Hd/QCw9B6ZeurtOlw= =XgES -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO--