-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 May 2026 21:00:00 +1000
Source: nagios4
Architecture: source
Version: 4.4.6-4+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Russell Stuart <russell-debian@stuart.id.au>
Changed-By: Russell Stuart <russell-debian@stuart.id.au>
Closes: 1136340
Changes:
 nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high
 .
   * CSRF Security Fix backported from upstream 4.5.12 commit
     e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and
     html/index.php.in).  See
     https://www.nagios.com/security-disclosures/nagios-core/4-5-12/
     for the upstream disclosure.  No CVE assigned.
     Closes: #1136340.
   * This can break third party integrations that POST to cmd.cgi
     without first setting NagFormId (the CSRF check fails).  Upstream
     PR 1055 has been added as a workaround - see README.Debian.
Checksums-Sha1:
 5564b9896f087be1eabedaf15492a17ce925b500 2010 nagios4_4.4.6-4+deb12u1.dsc
 d52e26d6a17ac70f01d87e9329b20436fff1f1a7 11333414 nagios4_4.4.6.orig.tar.gz
 e151e480a654e4018a8ba87361d18811d9f98e5f 1096632 nagios4_4.4.6-4+deb12u1.debian.tar.xz
 cfef5bfb261353ace6a9bcd0d830a597cafff506 11148 nagios4_4.4.6-4+deb12u1_amd64.buildinfo
Checksums-Sha256:
 dce92264fe10671398116fca79bd1c7caf62a4f9afa1e9df7c8738d92507218e 2010 nagios4_4.4.6-4+deb12u1.dsc
 ab0d5a52caf01e6f4dcd84252c4eb5df5a24f90bb7f951f03875eef54f5ab0f4 11333414 nagios4_4.4.6.orig.tar.gz
 f195d76a7044a1d75a19eb24279eab543428f6e760c015573e27fb13fc079d1d 1096632 nagios4_4.4.6-4+deb12u1.debian.tar.xz
 7fe8e196836c2465e84ab33b50f2e7dd623141740f8837228237d63a0d45724f 11148 nagios4_4.4.6-4+deb12u1_amd64.buildinfo
Files:
 13fe88ad08520bfef307a9bd8bbfb855 2010 net optional nagios4_4.4.6-4+deb12u1.dsc
 ba849e9487e13859381eb117127bfee2 11333414 net optional nagios4_4.4.6.orig.tar.gz
 a9509b8b0b989a2ae5bbf8d5b0c3badf 1096632 net optional nagios4_4.4.6-4+deb12u1.debian.tar.xz
 93e15cdeb0ec21ff558848fddb6538e9 11148 net optional nagios4_4.4.6-4+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZqiOeH6lCkTWvjmorNSfiF5UUm4FAmoVXvgACgkQrNSfiF5U
Um6AAxAAwKI+/LRYFxSb31GVmKygwyUBNGnb4Pl5CHJ/9HBMORqsZBx1u5jBzNwO
TRWeq0Ub6FdvtK5r3OD1nUspudtnKc2itti7DYpAgUFHHKQ75G86pEUgBe2+QRie
XYRPeiquPvELiiO5nUcyToH/ZD3wkbwO7+fN2B6PS3jgSLeawJ3a35ukX+VJmkZJ
4D6czX0kVcxs8X1kBZnLS0uT8kxp/p0be5qyD9KnDckruyB77FYjRu7ylVkx+uUj
Mp4WGiLmi2jRg9UtF2HQl1R59l4rlPT1BO4M/P37Np+tl5rWWFSFN+bjzLRbtSGn
+iMZqswcfwsygsYS/0jQTbHO2/sm86xi6m2VI403vJNmBKF18j7wltrYSiBXxQT/
IMAOZxVurjhxtsAG/uqM5jaQ0MDqVQsurn1QaU+RhuyvlaXyICdD5k3T4Pql/+PV
U1RNI7DiNfO59aqfgFeXs+KdeSHHj6CpgHTlhVUVU9Usc+Vk7F13y9twYBW13vwf
/b7FDZ1PpMGmlkaPsicPYiZt83rKc0BoTLVuatPeUvkVqdTu00wbGPSAZ5fKHJsF
TGXd+mumA8EU70BQm8rLFNRA4UMdBbAhM20km3OgirlCS4e7edZRn325vnr4jZim
0uMjGAyaDUJ5XzmY1ixyszll0/3qA2nCsYW3NWJVz5Zslty6PRM=
=XrKS
-----END PGP SIGNATURE-----