xss vulnerabilities in nagios 3.2.3

[Andreas Ericsson]

On 06/10/2011 10:57 AM, Michael Friedrich wrote:
> hi,
> 
> on your tracker, 2 issues point to several xss vulnerabilities. since
> we've fixed them in icinga, and previous command expander needed an
> enhanced patch too, i decided to push that over her too while adding
> that patch to the omd package.
> 
> description is in icinga's dev tracker
> 
> https://dev.icinga.org/issues/1281 
> https://dev.icinga.org/issues/1605
> 
> this is a combined fix of those 2 issues #207 #224 @
> tracker.nagios.org, diff'ed against 3.2.3 release on holger's git
> repository.
> 
> feel free to to accept it or not, as usual i won't provide any tests
> as user feedback was sufficient.
> 

Thanks. I'll take a look and get in touch with Mitre on sunday.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev