Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-26 Thread Vagrant Cascadian
On Mon, Feb 25, 2013 at 12:28:33PM +0100, Salvatore Bonaccorso wrote: > On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote: > > Anything more needed for the security team? Which queue should it be > > uploaded to? > > Apologies for the delay. Could you also address #700912 (CVE-2013-

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-25 Thread Salvatore Bonaccorso
Hi Vagrant and Peter On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote: > Anything more needed for the security team? Which queue should it be > uploaded to? Apologies for the delay. Could you also address #700912 (CVE-2013-0332) for the stable-security update. I think we can proc

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-15 Thread Salvatore Bonaccorso
Hi (Hmm, strange I have not received this followup) On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote: > Which allowed a shell accessible via netcat on port 1337 with the version > present in squeeze (1.24.2-8). > > With a package built with the patch applied, I was not able to r

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-14 Thread Vagrant Cascadian
On Mon, Feb 11, 2013 at 03:29:05PM -0800, Vagrant Cascadian wrote: > On Mon, Feb 11, 2013 at 11:41:13PM +0100, Moritz Mühlenhoff wrote: > > On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote: > > > On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > > > > On Sun, Jan 27

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-11 Thread Vagrant Cascadian
On Mon, Feb 11, 2013 at 11:41:13PM +0100, Moritz Mühlenhoff wrote: > On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote: > > On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > > > On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: ... > > The patches

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-11 Thread Peter Howard
On Mon, 2013-02-11 at 23:03 +0100, Salvatore Bonaccorso wrote: > Hi > > On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > > On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: > > > Some additional information: In most usual cases where zoneminder is > > > set up, th

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-11 Thread Moritz Mühlenhoff
On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote: > Hi > > On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > > On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: > > > Some additional information: In most usual cases where zoneminder is > > > set

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-11 Thread Salvatore Bonaccorso
Hi On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: > > Some additional information: In most usual cases where zoneminder is > > set up, there should be authentication first. So this limits somehow > > the vulnerab

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-10 Thread Salvatore Bonaccorso
Hi James Disclaimer: Only did a quick check. On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote: > Control: tag -1 patch > > On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: > > Some additional information: In most usual cases where zoneminder is > > set up, there s

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-10 Thread James McCoy
Control: tag -1 patch On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote: > Some additional information: In most usual cases where zoneminder is > set up, there should be authentication first. So this limits somehow > the vulnerability. The attached patch should address the issu

Processed: Re: Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-02-10 Thread Debian Bug Tracking System
Processing control commands: > tag -1 patch Bug #698910 [src:zoneminder] zoneminder: CVE-2013-0232: arbitrary command execution vulnerability Added tag(s) patch. -- 698910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910 Debian Bug Tracking System Contact ow...@bugs.debian.org with prob

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-01-27 Thread Salvatore Bonaccorso
Some additional information: In most usual cases where zoneminder is set up, there should be authentication first. So this limits somehow the vulnerability. There is also a forum post on this, but still without reply: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771 Regards, Salvator

Bug#698910: zoneminder: arbitrary command execution vulnerability

2013-01-24 Thread Salvatore Bonaccorso
Source: zoneminder Severity: grave Tags: security Justification: user security hole Hi The following arbitrary command execution vulnerability was disclosed for zoneminder: http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/ Regards, Sa