This makes zero sense.
I see this in the changelog:
monit (1:5.16-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: CSRF vulnerability
- debian/patches/CVE-2016-7067.patch: The following http services
are no longer implemented for GET method and require CSRF
protected POST: _doaction, _viewlog
- CVE-2016-7067
-- Eduardo Barretto <[email protected]> Fri, 10 Aug 2018
12:24:19 -0300
but monit shows CVE 2016-7067 already patched long before then:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/monit/+bug/1786910/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
