Control: found -1 1:3.0.5+dfsg-1 Hi,
On Sun, Nov 13, 2016 at 09:00:58PM +0100, Salvatore Bonaccorso wrote: > Control: retitle -1 zabbix: CVE-2016-9140: API JSON-RPC remote code execution > Control: found -1 1:2.2.7+dfsg-2 > Control: tags -1 + upstream security > > Hi > > I'm not sure the subject is correct in stating that versions only > below 3.0.3 are affected. Looking from the changes in api_jsonrpc.php > it does not look yet fixed. Can you confirm? > > Is upstream actually aware of the issue? Is a fix available? >From a quick test on a unstable vm this seem still the case for the current unstable version. Regards, Salvatore
