Bug#774750: marked as done (zabbix: CVE-2014-9450)

[Debian Bug Tracking System]

Your message dated Thu, 15 Jan 2015 00:18:46 +0000
with message-id <e1yby98-0005z1...@franck.debian.org>
and subject line Bug#774750: fixed in zabbix 1:2.2.7+dfsg-2
has caused the Debian Bug report #774750,
regarding zabbix: CVE-2014-9450
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
774750: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774750
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: zabbix
Severity: grave
Tags: security
Justification: user security hole

Please see https://support.zabbix.com/browse/ZBX-8582

The patch
https://github.com/svn2github/zabbix/commit/984bd3bec2d6ca5a80104a5574d19b7f4d04f24b
seems partly merged into 2.2.7 (e.g. the auditacts.php hunk is
present, but the ones for auditlogs.php are missing)

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: zabbix
Source-Version: 1:2.2.7+dfsg-2

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 774...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 Jan 2015 10:54:58 +1100
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-java-gateway zabbix-proxy-mysql 
zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.2.7+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Christoph Haas <h...@debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Description:
 zabbix-agent - network monitoring solution - agent
 zabbix-frontend-php - network monitoring solution - PHP front-end
 zabbix-java-gateway - network monitoring solution - Java gateway
 zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
 zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
 zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
 zabbix-server-mysql - network monitoring solution - server (using MySQL)
 zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 774750
Changes:
 zabbix (1:2.2.7+dfsg-2) unstable; urgency=high
 .
   * CVE-2014-9450 (ZBX-8582) fixed SQL injection vulnerability
     in frontend (Closes: #774750).
Checksums-Sha1:
 302d9fa5cb7e1c0319aa7b18ecc53ea473fd15f7 2752 zabbix_2.2.7+dfsg-2.dsc
 9a00e3722f8e2030d46af6c74688fe657e510ec3 189080 
zabbix_2.2.7+dfsg-2.debian.tar.xz
 f3bdd4902d84b44f3de6ee8445e8e6370f54b50b 319764 
zabbix-agent_2.2.7+dfsg-2_amd64.deb
 260f3150b0b8e00e6e070d3e5707fa095b88b939 2901864 
zabbix-frontend-php_2.2.7+dfsg-2_all.deb
 129a67a6fba8ce0887f3fad8583a93e63a8824ca 188300 
zabbix-java-gateway_2.2.7+dfsg-2_all.deb
 e6d63ac2519ec5620703b1e0bd495f5be1094f27 562286 
zabbix-proxy-mysql_2.2.7+dfsg-2_amd64.deb
 c6f6f3e51614c0018c0a3e356d881f026120e89b 565678 
zabbix-proxy-pgsql_2.2.7+dfsg-2_amd64.deb
 701932127a47e27a1b0bd7bc47528533508a7461 549334 
zabbix-proxy-sqlite3_2.2.7+dfsg-2_amd64.deb
 58fd83c03590719be6c472b578e688bdd6f872bd 1738982 
zabbix-server-mysql_2.2.7+dfsg-2_amd64.deb
 e085287ec49ff8993297ac4f41ad1c928bbfe1b7 1741680 
zabbix-server-pgsql_2.2.7+dfsg-2_amd64.deb
Checksums-Sha256:
 64f95e85ccca8daf9d0d9d62cc0d5070024d5566367b16922d90e91e96bb0aa1 2752 
zabbix_2.2.7+dfsg-2.dsc
 abbecbf460a37ecbed059ac9fbc25a448b03fc013096395c9b546db386c1d56c 189080 
zabbix_2.2.7+dfsg-2.debian.tar.xz
 3e5a2a241fa1f103df6c0414fade1656d2d238805c458fcd10f03deac4870dfb 319764 
zabbix-agent_2.2.7+dfsg-2_amd64.deb
 d9986b6487cc190f7e135ddf95e6a9dadcb8b5326153dd0b7315aadfd1cccf38 2901864 
zabbix-frontend-php_2.2.7+dfsg-2_all.deb
 d3c37311380739293ba6f99e91cab1a25280699833fba22c69efd55f2465ec08 188300 
zabbix-java-gateway_2.2.7+dfsg-2_all.deb
 6c46c368af9d1dee42e70bd6bf334342150d95faf83c77c88fe0cea129776c9a 562286 
zabbix-proxy-mysql_2.2.7+dfsg-2_amd64.deb
 a643414042e5a79f60b937ccd51f69e38061dcf79e31c7f348244c10ae27f01b 565678 
zabbix-proxy-pgsql_2.2.7+dfsg-2_amd64.deb
 fc3e9453b995ce002428cd1fbdd58be3c86bf1eb39801418e40f9afc3767d206 549334 
zabbix-proxy-sqlite3_2.2.7+dfsg-2_amd64.deb
 04501b3432385437bfe97d637101037762c996b6dad46cb799655d8f8a89ba7c 1738982 
zabbix-server-mysql_2.2.7+dfsg-2_amd64.deb
 389e0d3c47655e40c84cd418d95ace7dc754785335a6d562cda64efcf3623a09 1741680 
zabbix-server-pgsql_2.2.7+dfsg-2_amd64.deb
Files:
 671239c1b71347882c6dde4306af256a 2752 net optional zabbix_2.2.7+dfsg-2.dsc
 8ed705da99b5bcff3c67121d2a4c4c35 189080 net optional 
zabbix_2.2.7+dfsg-2.debian.tar.xz
 8badf40b043c14d20a6363a30f02baee 319764 net optional 
zabbix-agent_2.2.7+dfsg-2_amd64.deb
 8c38c297dc3caa1754fde31605374f54 2901864 net optional 
zabbix-frontend-php_2.2.7+dfsg-2_all.deb
 0e5a75cc360763c61486200ba6450b16 188300 net optional 
zabbix-java-gateway_2.2.7+dfsg-2_all.deb
 ac18e52b9ed1a5866b1fac3ebeaee160 562286 net optional 
zabbix-proxy-mysql_2.2.7+dfsg-2_amd64.deb
 9445b20bbefa3bdf974cd67f99c2e063 565678 net optional 
zabbix-proxy-pgsql_2.2.7+dfsg-2_amd64.deb
 4893e64545794f8b99ec0f25ee82ee5a 549334 net optional 
zabbix-proxy-sqlite3_2.2.7+dfsg-2_amd64.deb
 973752519cfc77110a4c47162001896e 1738982 net optional 
zabbix-server-mysql_2.2.7+dfsg-2_amd64.deb
 fdfff3a98b2bbdab9087aaaf96bff0e1 1741680 net optional 
zabbix-server-pgsql_2.2.7+dfsg-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUtwRqAAoJEFK2u9lTlo0bMbYQALvRxIyhf5Ew0sLANuM8vks1
jN/WPUKv5+aU8gGIL22gCLG1mQwiwhHEk/a3akDpULmYL91NJjkscfospam9E0c9
cC8q92jXwxF9od3tz1pS5DgicOpSSJuW6SEVo1XyV5rO9eVNw0TbmCb+YkEq8FU9
agjLKRPydbfgI8WNYJ52ACv1/KC06tqCe4tCKf0wuYhKnnt6VcBIX3eFHEaPWd68
CG2M+7ayNOW2Hknztr8WcpBhuJQGeR3IVKJ/nhhormHalHO5bqmtgIwcx4XxXkGE
1D2R+xo95QNqjSnQsIfWeSBqsEM6/KUgj/miT+UEB+na7VIpRxPfCgj/gek64P+y
SR+ACbF9Bj6WSB5rsVYfGKDdl7+gl0Tff3KW+lw5x4L1B+LMbENtjU0Oytb6yqDV
DJApikWg61xC2kNUDJXM8LaAAuFhrEQiqvzrjSytJgdtfgbzRS3Zkyx4Gwx0AD+c
W2CFFuzKXvept4ydLZtRzw4zzXv98ReDPRcjgHJGsfxxtCbJoIw50rzx6P2EKVJn
Ii9f7UkZYqqG9RYTcsPlSNteS3EZ1qB3BVeo2NSzBOAjSh1e9LzUvIbgNgSwb2Eh
WwTWAKocewQA746xk1hePDQrgms2/w1MuvLe5jy4JaUs696bMtSRBPWCvDbV73gb
zh9e5TRsjJ1nVLhJbkNC
=e40V
-----END PGP SIGNATURE-----

--- End Message ---