——————————————————————————–
Fedora Update Notification
FEDORA-2014-8107
2014-07-05 14:12:37
——————————————————————————–
Name : pnp4nagios
Product : Fedora 19
Version : 0.6.22
Release : 2.fc19
URL : http://www.pnp4nagios.org/
Summary : Nagios performance data analysis tool
Description :
PNP is an addon to nagios which analyzes performance data provided by plugins
and stores them automatically into RRD-databases.
——————————————————————————–
Update Information:
Fix three URL Cross-Site Scripting Vulnerabilities.
Update to upstream (fixes XSS flaw in an error page)
Update to upstream (fixes XSS flaw in an error page)
——————————————————————————–
ChangeLog:
* Fri Jul 4 2014 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 0.6.22-2
– Fix two URL Cross-Site Scripting Vulnerabilities (bz#1115983)
* Thu Jul 3 2014 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 0.6.22-1
– Update to upstream (fixes XSS flaw in an error page – bz#1115770)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.6.21-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.6.21-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> – 0.6.21-3
– Perl 5.18 rebuild
* Wed Jul 3 2013 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 0.6.21-2
– Broken configuration for httpd 2.4 fixed (bz#871465)
– fixed dates in changelog items
——————————————————————————–
References:
[ 1 ] Bug #1115983 – CVE-2014-4908 pnp4nagios: Two URL Cross-Site Scripting Vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1115983
[ 2 ] Bug #1115770 – CVE-2014-4907 pnp4nagios: cross-site scripting flaw in an error page
https://bugzilla.redhat.com/show_bug.cgi?id=1115770
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update pnp4nagios’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-8098
2014-07-05 14:12:16
——————————————————————————–
Name : pnp4nagios
Product : Fedora 20
Version : 0.6.22
Release : 2.fc20
URL : http://www.pnp4nagios.org/
Summary : Nagios performance data analysis tool
Description :
PNP is an addon to nagios which analyzes performance data provided by plugins
and stores them automatically into RRD-databases.
——————————————————————————–
Update Information:
Fix three URL Cross-Site Scripting Vulnerabilities.
Update to upstream (fixes XSS flaw in an error page)
Update to upstream (fixes XSS flaw in an error page)
——————————————————————————–
ChangeLog:
* Fri Jul 4 2014 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 0.6.22-2
– Fix two URL Cross-Site Scripting Vulnerabilities (bz#1115983)
* Thu Jul 3 2014 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 0.6.22-1
– Update to upstream (fixes XSS flaw in an error page – bz#1115770)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.6.21-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1115983 – CVE-2014-4908 pnp4nagios: Two URL Cross-Site Scripting Vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1115983
[ 2 ] Bug #1115770 – CVE-2014-4907 pnp4nagios: cross-site scripting flaw in an error page
https://bugzilla.redhat.com/show_bug.cgi?id=1115770
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update pnp4nagios’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce