Source: zoneminder
Version: 1.30.0+dfsg-2
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for zoneminder.

CVE-2016-10140[0]:
| Information disclosure and authentication bypass vulnerability exists
| in the Apache HTTP Server configuration bundled with ZoneMinder
| v1.30.0, which allows a remote unauthenticated attacker to browse all
| directories in the web root, e.g., a remote unauthenticated attacker
| can view all CCTV images on the server.

The package then installs respectively
/etc/apache2/conf-available/zoneminder.conf with the problematic
settings.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10140
[1] https://github.com/ZoneMinder/ZoneMinder/pull/1697
[2] https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
[3] https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4

Regards,
Salvatore
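
An added example, not part of the original report and not code from ZoneMinder or Debian: a Python check that scans Apache configuration text for `Options` directives that turn directory listing on, the kind of audit one could run over a file such as /etc/apache2/conf-available/zoneminder.conf. It assumes the "browse all directories" behaviour corresponds to Apache's `Indexes` option, which the report does not spell out; the sample configuration and its paths are constructed.

```python
import re

# Constructed sample shaped like an Apache conf snippet; the paths and
# directives are illustrative and are NOT copied from the zoneminder package.
SAMPLE_CONF = """\
Alias /cctv /srv/example/www
<Directory /srv/example/www>
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
<Directory "/srv/example/www/events">
    Options -Indexes +FollowSymLinks
</Directory>
<Directory /srv/example/www/images>
    Options All
</Directory>
"""

SECTION_OPEN = re.compile(r'<(\w+)\s+"?([^">]*)"?\s*>')
SECTION_CLOSE = re.compile(r"</\w+>")

def enables_indexes(tokens):
    """True if one Options directive, taken alone, turns directory listing on.
    State inherited from parent sections is not resolved here."""
    state = False
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        if name in ("indexes", "all"):      # "All" includes Indexes
            state = not tok.startswith("-")
        elif name == "none":
            state = False
    return state

def find_listing_enabled(conf_text):
    """Return (line_no, section, directive) for each Options line enabling Indexes."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments are whole-line only
            continue
        parts = line.split()
        if SECTION_CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := SECTION_OPEN.match(line)):
            stack.append(f"{m.group(1)} {m.group(2).strip()}")
        elif parts[0].lower() == "options" and enables_indexes(parts[1:]):
            findings.append((no, " > ".join(stack) or "(server-wide)", line))
    return findings

if __name__ == "__main__":
    for no, section, directive in find_listing_enabled(SAMPLE_CONF):
        print(f"line {no}: {section}: {directive}")
```

A directive written only with `+`/`-` prefixes merges with what its parent section set, so a clean result here still needs the parent sections checked.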