On Tue, Jul 08, 2014 at 07:56:59PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> Hi,
>
> On Thu, 2014-03-06 at 16:42 +1100, Dmitry Smirnov wrote:
> > With your permission I'd like to upload the following update to Zabbix
> > in oldstable:
> >
> > ~~~~
> > zabbix (1:1.8.2-1squeeze6) oldstable-proposed-updates; urgency=high
> >
> >   * CVE-2013-6824: (ZBX-7479) fixed command injection vulnerability in
> >     Agent.
> >   * CVE-2014-1682: (ZBX-7703) fixed vulnerability allowing to impersonate
> >     other users without proper credentials when using HTTP authentication
> >     (Closes: #737818).
>
> Apologies for the delay in getting back to you regarding this.
>
> We've also had a request to remove zabbix from squeeze, as it won't be
> supported in squeeze-lts (#753503). We can't do both in the same point
> release and the upcoming one will be the final point release for
> squeeze.

If the Zabbix maintainers want to take care of Zabbix in squeeze-lts
we can keep it.

It should be noted that many more issues are unfixed in squeeze, so I'm
still in favour of removal:

CVE-2011-2904 vulnerable fixed fixed Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...
CVE-2011-4615 vulnerable fixed fixed Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...
CVE-2011-4674 vulnerable fixed fixed SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...
CVE-2011-5027 vulnerable fixed fixed Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...
CVE-2012-6086 vulnerable fixed fixed libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x ..

Cheers,
Moritz