On Sat, Jan 31, 2015, at 09:24, Axel Beckert wrote:
Hi,
On Fri, Jan 23, 2015 at 02:06:27PM +0100, Christoph Berg wrote:
Re: J.C. Cleaver 2015-01-22 <user-4199642a17cb@xymon.invalid>
On Thu, January 22, 2015 8:14 am, Christoph Berg wrote:
This might even deserve a CVE number, but as it's a seccgi, it's
not widely exposed.
It now got a CVE-ID assigned: CVE-2015-1430
See http://www.openwall.com/lists/oss-security/2015/01/31/4
This is fixed in (unreleased) 4.3.18, via
https://sourceforge.net/p/xymon/code/7483.
This was introduced in 4.3.4, r6691
http://sourceforge.net/p/xymon/code/6691/tree//trunk/web/acknowledge.c?diff=516c17fd34309d2eb14bcb64:6690