-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 20:45:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: arm64 Version: 4.4.6-4.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: arm64 Build Daemon (arm-ubc-05) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 3117a57d343ce37fb6476d5cefae383d24a0128f 5747228 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_arm64.deb 4d271cad64108ba70d8f8f53341103cdfb575c41 1271540 nagios4-cgi_4.4.6-4.1+deb13u1_arm64.deb c415947aa788d82351d3be5007157b37b508b8b9 744160 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_arm64.deb c6c9c6a93ec77e7b0d11f81e675064e643139687 232692 nagios4-core_4.4.6-4.1+deb13u1_arm64.deb 00bbfa043be28a413fca1058c68bd535ff0390e2 10182 nagios4_4.4.6-4.1+deb13u1_arm64-buildd.buildinfo 4a9b22ef723f618802e81e0bd69832cd4f286abc 16412 nagios4_4.4.6-4.1+deb13u1_arm64.deb Checksums-Sha256: d570bb9ab008e4d026ba104b76fdbbb26bd5462535c735b178354dd3c4722ca6 5747228 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_arm64.deb a4d611ed2bfaa7fe6d6c2b7d793b13d6d8b0baf6f27f2297238e9d152ee42fd1 1271540 nagios4-cgi_4.4.6-4.1+deb13u1_arm64.deb 38e96d01bf74d1f29c52cc1bc0779732dacd7d46566e46763bc44570591bf60c 744160 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_arm64.deb 0ef8e81972f91108e267a626cb162748511b92cace9c2d90fed74f90c382cd41 232692 nagios4-core_4.4.6-4.1+deb13u1_arm64.deb c5460d0b3f011e344f5a5ffd39062b6c54c47db7828b264a3e3d53f702c591a4 10182 nagios4_4.4.6-4.1+deb13u1_arm64-buildd.buildinfo 6a9dc24468308064249f0bc039d587521795f549c566559b9e3e5a7bd9096f6f 16412 nagios4_4.4.6-4.1+deb13u1_arm64.deb Files: 3a00a306ce28010cf404b04126dfdf6a 5747228 debug optional nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_arm64.deb 7e54e22f77022556f4e7a66dcacefe35 1271540 net optional nagios4-cgi_4.4.6-4.1+deb13u1_arm64.deb 0c8104186e65c4bed93de2fd30dce656 744160 debug optional nagios4-core-dbgsym_4.4.6-4.1+deb13u1_arm64.deb f1e6901198770f21d6b7707d2ad7d327 232692 net optional nagios4-core_4.4.6-4.1+deb13u1_arm64.deb 4b1822e0dc9e42c05e49a871be0852d1 10182 net optional nagios4_4.4.6-4.1+deb13u1_arm64-buildd.buildinfo 23b0a79cc7eef8c47c48ddf7c911fe8a 16412 net optional nagios4_4.4.6-4.1+deb13u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7rv+l3KtZdQea77lnwznazfjXToFAmoVZSYACgkQnwznazfj XTrskA/+IMce2AQc8LjsyCeQOQ8a2IKfJI3EpbEEJ7ok8QwxuE6DDhVoV6RV58oW dLSgTdIBAJi/nmNj9jKmM6B0yoUvCCAo/78uTs9Lx/SLIeS6TIKp25CWeJTFZNj1 RP87+PdIzJPXJJhlOpK2GF5NgT7KoDMVAvLYbMJENSujoDPGZ4j1BdB/ct2X/65B xta2MFx+X49Vb4zyA3l2IrkSGrpBAaqvmM8PStqaIYD7aTZz4sVKZ6q745TyVNIz bX1Xggn2lab1y29Ewv3WgGCKeu+NhaOW5ykSpymkI3mfI935Zpt8/xdpyIzDCIkZ 9AlSpVXBlzDI9uYVITn4x8j+lxGMh7HCmEsjxXHen6bLy0n8YLJYXsz4SFfAWZTz av4qI4lLSSVZGB1VTcO8ob93hRrp2WzxIV8WxEztEtoLXmsSD30vGIWCh6HdW6nQ WbWQrJ/jkqqbdylD35wonqNt2a4ttfT33CK3gHixWlv1fDxKuH2TLsj9C0xJQw9q fvpY/n1Y/8/3OEof1XTln5knvSpOqXtL6jymr1Or5OPSWCLQR/bym0ZZHJwD/LPE aF9gXAR96+huJ63+ahLuXgG85TWK9ZAWzRT6I8zsvGFG3rGIv5S48aIJM+xjb3PM lB8X0kVI0EUIboJONKTPV4dfeyeBZN3KWoCw9Wvt5ep9cQSqGhg= =ZZTd -----END PGP SIGNATURE-----