Your message dated Mon, 11 Feb 2019 03:28:33 +0000
with message-id <e1gt2gn-000dxr...@fasolo.debian.org>
and subject line Bug#920999: fixed in zoneminder 1.32.3-2
has caused the Debian Bug report #920999,
regarding zoneminder: CVE-2019-6992
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
920999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zoneminder
Version: 1.32.3-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ZoneMinder/zoneminder/issues/2445

Hi,

The following vulnerability was published for zoneminder.

CVE-2019-6992[0]:
| A stored-self XSS exists in web/skins/classic/views/controlcaps.php of
| ZoneMinder through 1.32.3, allowing an attacker to execute HTML or
| JavaScript code in a vulnerable field via a long NAME or PROTOCOL to
| the index.php?view=controlcaps URI.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6992
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6992
[1] https://github.com/ZoneMinder/zoneminder/issues/2445

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: zoneminder
Source-Version: 1.32.3-2

We believe that the bug you reported is fixed in the latest version of
zoneminder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated zoneminder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 11 Feb 2019 13:00:00 +1100
Source: zoneminder
Binary: zoneminder zoneminder-dbgsym zoneminder-doc
Architecture: source amd64 all
Version: 1.32.3-2
Distribution: unstable
Urgency: high
Maintainer: Dmitry Smirnov <only...@debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Description:
 zoneminder - video camera security and surveillance solution
 zoneminder-doc - video camera security and surveillance solution (documentation)
Closes: 915681 920375 920999 921000 921001
Changes:
 zoneminder (1.32.3-2) unstable; urgency=high
 .
   * Upload to unstable.
   * New upstream patches:
     + CVE-2019-6777 (Closes: #920375).
     + CVE-2019-6992 (Closes: #920999).
     + CVE-2019-6991 (Closes: #921000).
     + CVE-2019-6990 (Closes: #921001).
     + Fix for "image size is not multiples of 12 and 64".
   * Removed broken symlink (Closes: #915681).
   * Standards-Version: 4.3.0.
   * Build-Depends:
     - libmp4v2-dev
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---