-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 May 2026 20:45:00 +1000
Source: nagios4
Architecture: source
Version: 4.4.6-4.1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Russell Stuart <russell-debian@stuart.id.au>
Changed-By: Russell Stuart <russell-debian@stuart.id.au>
Closes: 1136340
Changes:
 nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high
 .
   * CSRF Security Fix backported from upstream 4.5.12 commit
     e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and
     html/index.php.in).  See
     https://www.nagios.com/security-disclosures/nagios-core/4-5-12/
     for the upstream disclosure.  No CVE assigned.
     Closes: #1136340.
   * This can break third party integrations that POST to cmd.cgi
     without first setting NagFormId (the CSRF check fails).  Upstream
     PR 1055 has been added as a workaround - see README.Debian.
Checksums-Sha1:
 c1b0108e69cff0d74ec64af26cf84146f7b9fe86 2018 nagios4_4.4.6-4.1+deb13u1.dsc
 d52e26d6a17ac70f01d87e9329b20436fff1f1a7 11333414 nagios4_4.4.6.orig.tar.gz
 b48adcbd2f63d199eb03d769be2fcc76c520213b 1096708 nagios4_4.4.6-4.1+deb13u1.debian.tar.xz
 5626a8986527b8e1d94a08a61987bee654b28911 10635 nagios4_4.4.6-4.1+deb13u1_amd64.buildinfo
Checksums-Sha256:
 e9b37737e230d4d71f690f810240a7752de5eb66db7416222f34926160f6a3a1 2018 nagios4_4.4.6-4.1+deb13u1.dsc
 ab0d5a52caf01e6f4dcd84252c4eb5df5a24f90bb7f951f03875eef54f5ab0f4 11333414 nagios4_4.4.6.orig.tar.gz
 34bfaed31da2010210c6075b232451aa07458b6294fb905a079c5fa99fa5f7b6 1096708 nagios4_4.4.6-4.1+deb13u1.debian.tar.xz
 edc077506bca75988db36833bd62e6d5c0f358a3b181fb2cf44b41a0dc2bac1d 10635 nagios4_4.4.6-4.1+deb13u1_amd64.buildinfo
Files:
 e9d8e9afb09efd1116aa5a613ad07396 2018 net optional nagios4_4.4.6-4.1+deb13u1.dsc
 ba849e9487e13859381eb117127bfee2 11333414 net optional nagios4_4.4.6.orig.tar.gz
 1d767764d53785148606dd5681c2a373 1096708 net optional nagios4_4.4.6-4.1+deb13u1.debian.tar.xz
 c6ce2ed927b777105d506936d316b690 10635 net optional nagios4_4.4.6-4.1+deb13u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZqiOeH6lCkTWvjmorNSfiF5UUm4FAmoVYEQACgkQrNSfiF5U
Um5zPRAAjNdjRjx+M27EQojMLBBsyoogUzIMH6qE/nfY63ytGbTjfgpPVFLLg5Cg
da2gB8j5glqGAy2s7y748VOxZ+LcY4es3TY/B/QGoXVLnMWhzx4LYvLFS0EBFHw4
cbeY0J7rVhp6tqdQakz6khjHlMamuz1d6pJJD8IHuWFuY8SLjRpWL/2s4TutvLun
S6Ig5mEnnmQLr7/4mwflEBZ1NaII0ULTMHTOQCV1nEPmljTffQ73vq1D5x9hCDTU
nlMrlpcmIQq3VnliEd3V17DsdJQGuWYtjZdlLxXaYHQFYMGUktUThW3vtCzQ54hl
TmP4RTlMJNQZAQAgETXLnnGuWpX8GpRHnvzqoUGyKzWZaG/n8syAnW6n2us4jzRf
PA68h2Q4ZN88WCvRsbnxiCKWBeMNbZ45zJ/gC4ue3tM9ywuuVTSLel4OaXFmxg8j
EVu3MB6Y8HOXneLiw6V1lfP0BVWgqKcWkalR63xtNYNMnmGDf3157qkEQc+x+6d3
vwLOQWeaKfqc1RmxeyT35yI17HsMgvClizGCajQRHHYh3meUPAUaAAK/IoXMDk6C
KhzRVaR5tVc2JwugPZGCRcnuskvMePuWTVwoTJeixv8kcEF1TW9UjU5yVr6EaIRZ
kCOINOMbHQUo7i9j8P8dVnXYsxA/U3xLR2i0H185xkESN88aSqI=
=iL4z
-----END PGP SIGNATURE-----