On Tue, 2014-07-08 at 20:45 +0200, Moritz Muehlenhoff wrote: > On Tue, Jul 08, 2014 at 07:56:59PM +0100, Adam D. Barratt wrote: [...] > > We've also had a request to remove zabbix from squeeze, as it won't be > > supported in squeeze-lts (#753503). We can't do both in the same point > > release and the upcoming one will be the final point release for > > squeeze. > > If the Zabbix maintainers want to take care of Zabbix in squeeze-lts > we can keep it. It should be noted that many more issues are unfixed > in squeeze, so I'm still in favour of removal: > > CVE-2011-2904 vulnerable fixed fixed Cross-site scripting (XSS) > vulnerability in acknow.php in Zabbix ... > CVE-2011-4615 vulnerable fixed fixed Multiple cross-site scripting > (XSS) vulnerabilities in Zabbix before ... > CVE-2011-4674 vulnerable fixed fixed SQL injection vulnerability in > popup.php in Zabbix 1.8.3 and 1.8.4, ... > CVE-2011-5027 vulnerable fixed fixed Cross-site scripting (XSS) > vulnerability in ZABBIX before 1.8.10 ... > CVE-2012-6086 vulnerable fixed fixed libs/zbxmedia/eztexting.c in > Zabbix 1.8.x before 1.8.18rc1, 2.0.x ..
zabbix maintainers: ping? Assuming you'd be willing to support the package in -lts, the window for us possibly accepting an update for the final squeeze point release closes over the upcoming weekend, so we'll need a decision soon. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
