-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: armel Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: armel Build Daemon (arm-conova-02) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: bb0ceebd59fb566311cd9c66f6ef0bd90e95d0a9 5492776 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_armel.deb 277415dcb74bf3d4b57e4cf86a79a600787450f2 1174372 nagios4-cgi_4.4.6-4+deb12u1_armel.deb 8964cef949e81f7eeffb8abd3c27090a8d11eb6a 740648 nagios4-core-dbgsym_4.4.6-4+deb12u1_armel.deb acc2b23d1498aa2241b6c6568ee0fbe70c42f004 217192 nagios4-core_4.4.6-4+deb12u1_armel.deb 8bd7526cf615590c6a780d45d5ecb4ee8702b85e 10480 nagios4_4.4.6-4+deb12u1_armel-buildd.buildinfo 8ae14e2537a3e26130bfff02ea73f0d6f02e7b82 16296 nagios4_4.4.6-4+deb12u1_armel.deb Checksums-Sha256: c5d016e263867ce19ac53f38812e06b78da325c43db570bfb6b7dcb2980ccf08 5492776 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_armel.deb 8c2f8b529b68508c1cefa2a9f3a4d0f9f602a19756bab882fda5746f2e2921a7 1174372 nagios4-cgi_4.4.6-4+deb12u1_armel.deb 46ef7380fbec48936acd2a1198742ae66f133edeed9b171874a0e124cf9fe9bd 740648 nagios4-core-dbgsym_4.4.6-4+deb12u1_armel.deb 7f3c6db450b35cb4ad8029b1d284a4df65ab875f64f478e7a0dbc7e218b20040 217192 nagios4-core_4.4.6-4+deb12u1_armel.deb 4d9be6daad661a1c6412940c74b661a7cddfe3e3b20ff29225b25edbd03549c8 10480 nagios4_4.4.6-4+deb12u1_armel-buildd.buildinfo 00f63b641b7620d03fcaafafe219962cb58fa3fb4b6ee7ab8ed291e2f37705b4 16296 nagios4_4.4.6-4+deb12u1_armel.deb Files: 1b0f772db56bfa1cf7f6a737e872fda9 5492776 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_armel.deb b1b99b11929d1252a50c0e476a69d9ec 1174372 net optional nagios4-cgi_4.4.6-4+deb12u1_armel.deb 316cfc5b90be616414e64239c053c3a2 740648 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_armel.deb dfad0f00fc036d46031bdd89cbb19f01 217192 net optional nagios4-core_4.4.6-4+deb12u1_armel.deb 003342f734263fe3747f46bf5134e7b1 10480 net optional nagios4_4.4.6-4+deb12u1_armel-buildd.buildinfo d552f742a5c2480b6d939d558b0700a0 16296 net optional nagios4_4.4.6-4+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmoWChIACgkQOQKMdMnE H5NIIg/7Ba72ozOLoDJ+NtBN9bErfQY2mIfJtwxFchbaddNj6zkBk+LxnShy6bi3 QsyiVuHRJ4EX0Ya5avqPoFKJmwtgD+4dX9PNTprl0NWSG0RogUVV9R1c97mmzzfB YEt8y7piugsxkouW4D47V2mPs+90p/wgzIm5fvarbp5GWg0A0NDplMLd3tEREAZX T1Y0NetsfydQsx7bAW8FzdMFd0XIY+fJ5RK2FJSJhkGzQiOVmMC/M/Sh2miGv2Wi EeeRXouxa9GP0Tr5/i8i+ycgn0WYro/xOCvjz3QPe+EknIXwFxIC8ta+UEg7tZGR s/Rm/qatRqzSfRLS/Y8PRoK92lEeMZVYn77y00yhApUHPARZ//hMwjZfg6Brn4Bg qRrQXLxAfhZDcvsk943xZ6BG6ULMZaGAz6YUeUmz3G3bxLGRIjm9HQzn1DJJifP5 GU5x9IdoZdyW8EgjLtVbkmTHcfXLAz+hNeyM8GGKBbSlMBrWRHbjTZyw/nSIflfI VXM36U3AN48lh4R54cLJYKRdssoHVVR0FQrX/z1JtcnNtOaEkBRfJhRteaYoQeAr 7/9vG/AZWIZlQ3seyoEICSzFj9prgPnPP7ux2Cooff6SjFRkd5IdMXxYBUUDxfvl efF8pX+uitDzCFemm/2tfku/1OKARPAzBAEuYIvCI/xYSrSqgQI= =IVDm -----END PGP SIGNATURE-----