On Wed, Nov 30, 2016 at 10:31:09PM +0000, Ludovic Courtès wrote:
> civodul pushed a commit to branch master
> in repository guix.
> 
> commit d30e578a0011b05d1e7d8b3ba7ee38588eba301c
> Author: Ludovic Courtès <l...@gnu.org>
> Date:   Wed Nov 30 23:26:57 2016 +0100
> 
>     gnu: Add Nagios.
>     
>     * gnu/packages/monitoring.scm: New file.
>     * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.

> +    (version "4.0.8")
> +    ;; XXX: Newer versions such as 4.2.3 bundle a copy of AngularJS.
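
Review bot: the XXX comment under `(version "4.0.8")` says why newer releases such as 4.2.3 were not packaged, but not what would allow the update. Extend the comment to say what has to happen to the bundled AngularJS copy (for example, removing it in an origin snippet) so the package does not stay pinned to 4.0.8 indefinitely.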

This version of Nagios includes some severe security vulnerabilities:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9565

They allow remote attackers to read and write arbitrary files (leading
to remote code execution) or to escalate privilege to the superuser.

What should we do?
