-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 21:00:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: mips64el Version: 4.4.6-4+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4+deb12u1) bookworm-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 8510079c4af2e0120be199894cf3093f7c4197a2 6045528 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_mips64el.deb 66b0d87050cffff778f05a631f2216d1bb16525e 1242604 nagios4-cgi_4.4.6-4+deb12u1_mips64el.deb 559c52d1e608da0e47fb850cb3a406821511d5a4 796236 nagios4-core-dbgsym_4.4.6-4+deb12u1_mips64el.deb 8a418ee7166ad06dca8969b0e5337b1033c40d61 209160 nagios4-core_4.4.6-4+deb12u1_mips64el.deb 19988fc9811656e815074344607b6f801e6003e5 10478 nagios4_4.4.6-4+deb12u1_mips64el-buildd.buildinfo 7dc089eb6368fb8e64ceaacb57fb7118dd3a7516 16300 nagios4_4.4.6-4+deb12u1_mips64el.deb Checksums-Sha256: 575ecba84770a9e52a94d15143482144dfbfd14f5b0e40a3295c59fc26172423 6045528 nagios4-cgi-dbgsym_4.4.6-4+deb12u1_mips64el.deb eccbcb95d503459dc6057606f5d722310b9f687d7c0e4dc01b64838bc056ef22 1242604 nagios4-cgi_4.4.6-4+deb12u1_mips64el.deb 56d96633fc00ae391e25ff3743bee00accc9d0e77514d50087f90c5f530e7af4 796236 nagios4-core-dbgsym_4.4.6-4+deb12u1_mips64el.deb 96b4ccd1a75200f5cf56bfc845c1fb2f5cf3632e4a20096cb7e859ac3e5eea03 209160 nagios4-core_4.4.6-4+deb12u1_mips64el.deb cf3ba3f9aee2e632d2b115502b362ffb689fb9ff297e03cdc0667306843981b0 10478 nagios4_4.4.6-4+deb12u1_mips64el-buildd.buildinfo 7e6b9262b781f061865b94705175e4194556d3b2c8ca9acf6abfd45113bf0b38 16300 nagios4_4.4.6-4+deb12u1_mips64el.deb Files: 88a87d309ffe22eddf676c8a5f853d00 6045528 debug optional nagios4-cgi-dbgsym_4.4.6-4+deb12u1_mips64el.deb ea8c0ae2190240383e3746a089898e13 1242604 net optional nagios4-cgi_4.4.6-4+deb12u1_mips64el.deb 358977b285c630b84643ecd03654db11 796236 debug optional nagios4-core-dbgsym_4.4.6-4+deb12u1_mips64el.deb 6481cd72938fa3980ad33d83ee677d3a 209160 net optional nagios4-core_4.4.6-4+deb12u1_mips64el.deb d760cef1f904c46c7533a76a4cf78593 10478 net optional nagios4_4.4.6-4+deb12u1_mips64el-buildd.buildinfo efa6ff102f1a835652a8134b48d40df9 16300 net optional nagios4_4.4.6-4+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmoWCusACgkQHrk2gTKe WghbyQ/7Boaj95TkJv9cnxH0FJiDpmJGPOuW0aZheQoQWJsITknxZRQAottwZjCB EPovKt14DscHkrOolTFjvuNw2kH5hgu8Eq8DOMPS9DbAlgoJC3YEzhu8Ikqrqs+P HEerCg8djn/3HCPUufH4a10ZCTCucWbyzrz2634HgAovUniAFTbpkGYRiWPbpF4y oysXkutKFOG5Hb1TtpajrQ4VGT3Rj6Ic7mof0R9DJfXdb9+C3xDRmcwTzTbs0ER1 MTGevkeq7F3BSUt28k3gYD/gZMDYJohybIG5EW34lfACCHsto+ueLoj+/6TP599E KNDVaTjbv4WNxQw5wrrkr4skLlD8Gc9aT2YLFL+F857OWlMV6QrDL3wcfeQAwgp2 XoIyoN7HA9/eoJLF+hrpSc9PwhDrukOi81KDAfezK67hEJQpxJTTNUkTE8hyg38H 4KgRfzb7KwSdlXMAYtDkSCfBj4aosLhrtvLSrUJVaQux25vuiD0pvfTSDJE9cDNi lPl5uIwpGHrdPquR6DgwducdigBET2qdVkMkIY85HjGm2VBCk2zkVw5Il+2kuIN1 LB9ISxWDsHyhdtVTPUDzoCacpomgTX9HH8RVdoWSg0EYU2dM/5xJu2xl+9i48Bib T0VawvIrqhmXZxMRcOedja9rgqY+NuWa/6Puu849PcIRF7uXOZQ= =sQbC -----END PGP SIGNATURE-----