-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 20:45:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: armel Version: 4.4.6-4.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: armel Build Daemon (arm-conova-04) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: b77da5ee2e65e2cb4982bb6e321d6b7c45279489 5429936 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armel.deb e4a5cb9865317d0b380fa66da7d26c23c561c38b 1177060 nagios4-cgi_4.4.6-4.1+deb13u1_armel.deb 6f831fd0af74c2c17c13acc4d678eb03e6bc813a 725136 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armel.deb 48dbe5b4f154863ed75980ee878d34e79fea9b07 222764 nagios4-core_4.4.6-4.1+deb13u1_armel.deb 707614a82c2bb2670388c07820010b098b10ccd9 10050 nagios4_4.4.6-4.1+deb13u1_armel-buildd.buildinfo fa15e95c591f358c37922b46a15a003bfffc71a6 16412 nagios4_4.4.6-4.1+deb13u1_armel.deb Checksums-Sha256: a6a2b07ce37b6bfe0b61f2ccfc5d732bfd2c98aa12503c58be29b4a5b3674535 5429936 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armel.deb b6ce32d272026ac76a32cd7166ddee03bab5abf8b2a992d956544da2a492d7c1 1177060 nagios4-cgi_4.4.6-4.1+deb13u1_armel.deb 76e3f88df923664418f85dd22cb5ac8ea8e0d58f0af827f3a1331a4f3db3b756 725136 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armel.deb 751936600ba834a3fbb5081faa3d4b47ebaec7cc64807ca38c407e1d72f6cb30 222764 nagios4-core_4.4.6-4.1+deb13u1_armel.deb 43163626ce3095d6703e456572ef5b8fc1978e4f5c7f274310257f7f2acee2a1 10050 nagios4_4.4.6-4.1+deb13u1_armel-buildd.buildinfo 1d8b39cdc4c0fa9ca07592c7d31e2ee64dc069966593e17dc523095b4716dc61 16412 nagios4_4.4.6-4.1+deb13u1_armel.deb Files: e364c000442a1d769c830df99b76c3d4 5429936 debug optional nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_armel.deb 10b9061b9536c2e3b3ffb72ef7e33894 1177060 net optional nagios4-cgi_4.4.6-4.1+deb13u1_armel.deb f692a258bcd36cfee0a4b7b0fb64ed0d 725136 debug optional nagios4-core-dbgsym_4.4.6-4.1+deb13u1_armel.deb 7581fa22cca169def939311eda228760 222764 net optional nagios4-core_4.4.6-4.1+deb13u1_armel.deb 0c44e4c6f536d7d6757567302d5a8c6f 10050 net optional nagios4_4.4.6-4.1+deb13u1_armel-buildd.buildinfo bc6caaf31393968bc73a33bb7d367980 16412 net optional nagios4_4.4.6-4.1+deb13u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmoVZTgACgkQScpU3dYu lLix3g//Ws0Lei6JeS9MXW4Vexjb9OiMgKMsku8H1gWYAP7IMBHvSvh968HI9gAf cNOVn7kKw/fsDsqMt4Q5VTpy3agwZ+VMiVSTJKYZmsk4eKmv5zAHMR3JL9DXyhjD KVCPfMEeVlrtJL6+1jneTzAmfnuBqeQbsFhzbaWCruKSZOkg9nAQGm6rT5Elewf5 DifSiUSwGm5j7aWAvcqjIsCwchPjeQdgrkh14l+djuYTqGkFTZLVwavd2FRfRbfy NLkeBgiJeyVc8yTzYiXEDpsOCX//ulVWWiEy5xxWfGDbquDRz0V4XZrdWE5+WKw5 5oZHARnn1/1H3QJDlj6zujK9OetgXljLXkR9gxEHtowGqK8s2x6LpWs9ce6dGGNV FzbVPrlVnnBG/olxa+yk9NlFQH+YVMfxXPGLdpYyiaQ5ApfUjZX61dx/KhJ7Achx aG+8h/gfh0ooOncJEeBcWKFdIc00RVnw8wFwjsOWM+WM9Qm7GXmb8Vj24rtfvvyG 8+vgCdMG7TccEf97Pcgt1Wym94xEgS0Dqn57XI7SqyxMBpql+bWldS4SawyXD7Da tgxIrsGHWjtGyMNL2l4lSlkjh7nmuUWZj0jchPhfCQQSZ6bjp7CbDFWOudyToiiR oUyhqyKEZjq8wCFXyDsInuPfckvvvglpLctNbms3Gy83MYuJASE= =D7od -----END PGP SIGNATURE-----