The 0.6.22 release of PNP4Nagios fixes a cross-site scripting flaw in an error page. An attacker could use this flaw to perform cross-site scripting attacks. References: https://bugs.gentoo.org/show_bug.cgi?id=516078 http://docs.pnp4nagios.org/pnp-0.6/dwnld http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/ CVE request: http://www.openwall.com/lists/oss-security/2014/07/03/1
Created pnp4nagios tracking bugs for this issue: Affects: fedora-all [bug 1115771] Affects: epel-all [bug 1115772]
CVE-2014-4907 assigned: http://seclists.org/oss-sec/2014/q3/140
pnp4nagios-0.6.22-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
pnp4nagios-0.6.22-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
pnp4nagios-0.6.22-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
I don't understand. pnp4nagios has been already released in Fedora. Is this still a bug? Do you have some patches? If it's not a bug in Fedora, why this bug has been reopened?
(In reply to Jan ONDREJ from comment #6) > I don't understand. pnp4nagios has been already released in Fedora. Is this > still a bug? Do you have some patches? If it's not a bug in Fedora, why this > bug has been reopened? I did not close this bug earlier, sorry about that.