-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 20:45:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: armhf Version: 4.4.6-4.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: armhf Build Daemon (arm-conova-01) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 7c48522acb68e354d5d6ed1a466d81e514d940e5 5547624 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armhf.deb c1bfe231e3f5698d14bee4ee037a5cf0e557d0f8 1197788 nagios4-cgi_4.4.6-4.1+deb13u1_armhf.deb 35d8ef46e35c9ab425b86183c6fabe4d855a2308 730932 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armhf.deb 8cf41b299bf906589ce9f4b17af4203d41f3259b 227988 nagios4-core_4.4.6-4.1+deb13u1_armhf.deb 9d47b4a60bb347b6b990767aa450504d08495d5a 10064 nagios4_4.4.6-4.1+deb13u1_armhf-buildd.buildinfo ba36a02070ab96fba70e4b896e5ecb80f966ac76 16412 nagios4_4.4.6-4.1+deb13u1_armhf.deb Checksums-Sha256: 4e9426f183e359c31c260626cd45f6c82aefc0e5b8bb14b0b9a6df587a13d53b 5547624 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armhf.deb 9d55b3fcf590ce6504e3984313c84b9641a9d0ba415395dcbc429618f6741857 1197788 nagios4-cgi_4.4.6-4.1+deb13u1_armhf.deb f35717460bb50e6e7b69cb059330e5b06a5ec1c4e3cdf28b91f3475080580fe4 730932 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armhf.deb 5d3d122be81771e75b48c2cb476c9a385fe8b56f5122d6e622a9f8c2105ece1e 227988 nagios4-core_4.4.6-4.1+deb13u1_armhf.deb 3e6722cdf71c39819b58d90371484cddbafe8ae05f882ad665a7fac590a0057d 10064 nagios4_4.4.6-4.1+deb13u1_armhf-buildd.buildinfo 5b030fdcfb59f6b7373f4657a78d1e072bdd9f80b9bb7194da74e4577f9d0fae 16412 nagios4_4.4.6-4.1+deb13u1_armhf.deb Files: 7efa3cd309a86e206ee16c4fccf5aeb3 5547624 debug optional nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armhf.deb aef87631a9e3c60e3beb26c887027e4e 1197788 net optional nagios4-cgi_4.4.6-4.1+deb13u1_armhf.deb 0377bb781b1d633cfe74518b85c70e52 730932 debug optional nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armhf.deb a6df2f772c6f1c8db4b37e6f45cc701a 227988 net optional nagios4-core_4.4.6-4.1+deb13u1_armhf.deb f544baa2cfe42966f81631383e664aaf 10064 net optional nagios4_4.4.6-4.1+deb13u1_armhf-buildd.buildinfo 7804f8c26eeeb77a277bfca4fe62fff6 16412 net optional nagios4_4.4.6-4.1+deb13u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmoVZTQACgkQ8U6eOZMp j69KGhAAwObPq34mBcyp1OHqFdnqQjo40sBW23NyWlwrKpGsMPxr3EdiAh3Thd3s sLPsEhljiA67qoSN+9Ohn0mPmyKHfGjdcwwtjDup4wYmZtmzvDZe9RKnsb2ZDK/A RJ/6RbD//uG5rGQqpt5L9NxklsXbmmAYy5oNL7P4c0mEZp/7ziJqwMlY4VWxjhIi C3zr6eS/TnNKJrfQ28174TEEHU12r64bObt5ssU+IUa6snrOEzBqOD59eqqXeIBa GHoXXjR82XFKPplD7EjhkqE9we7R8ciG2tIirS1bCGuOoFkKDrclruImC9tsSAnW eCpwryvn4lT1Wpx8Zz2q0PfmGPJ80e+yIUi7GnGPw1o5Trim3nGwi3LVZ2q1+CL7 dGu0oNzqp5NqhJdWzMQaMNDVXgGo49RnF0AS5GFuq0vDnjNUqtuJT4HeC6DbTQXc XLgtP8S33s7KLJmf1ydXhjzvRHKtgUiJzbU8c2tKIpDK9UkaQIpypXZL/rCE9ZaE Jz/T3Fq9oyhhozAQqfxkIKXlX2ZROS4OT0+CcLvIgIm0rn48jHcRa+E8IW90Kd43 QYSgK4XSVn0x3pAdZIAe1Tv/nmhCNLQEijjuMsm58xT9xxwbAlNKMKP88dj7GZS1 TxmuAgt4KAbMo3fMcPficNEs/R3U3LJC9uHdhF+QZBJ0yBnadaY= =fvrG -----END PGP SIGNATURE-----