Debian Bug report logs -
#922724
Lots of security issues
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Dmitry Smirnov <onlyjob@debian.org>:
Bug#922724; Package src:zoneminder.
(Tue, 19 Feb 2019 21:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Dmitry Smirnov <onlyjob@debian.org>.
(Tue, 19 Feb 2019 21:30:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: zoneminder
Severity: grave
Tags: security
Please see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325
We should generally restrict the level of security support to something
sensible. A video surveillance systems is obviously something
that only should be exposed to trusted parties anyway, so I'd suggest
we treat zoneminder similar to e.g. ganglia (#702775), i.e.
- add a note to debian-security-support so that it flags the status
of it
- Add a short README.Debian.security (or similar to document it also
within the package)
Cheers,
Moritz
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:31:55 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon