Hi Salvatore, Salvatore Bonaccorso wrote: > According to [1] xymon is vulnerable to ta file deletion > vulnerability, which I have not further investigated.
Yep, also has been announced upstream and I checked with upstream. All versions in Debian are said to be vulnerable. For experimental, the fixed 4.3.12 is already in Git, but not yet tested and hence not yet uploaded. > [1] http://www.securityfocus.com/archive/1/527534/30/0/threaded I already asked upstream for a CVE id, but they don't have one yet[2]. Can you get one? [2] http://lists.xymon.com/pipermail/xymon/2013-July/037909.html Regards, Axel -- ,''`. | Axel Beckert <[email protected]>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

