zoneminder: CVE-2019-6777

Related Vulnerabilities: CVE-2019-6777   CVE-2019-6992   CVE-2019-6991   CVE-2019-6990  

Debian Bug report logs - #920375

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 24 Jan 2019 20:39:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version zoneminder/1.30.4+dfsg1-5

Fixed in version zoneminder/1.32.3-2

Done: Dmitry Smirnov <onlyjob@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ZoneMinder/zoneminder/issues/2436



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Dmitry Smirnov <onlyjob@debian.org>:
Bug#920375; Package src:zoneminder. (Thu, 24 Jan 2019 20:39:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Dmitry Smirnov <onlyjob@debian.org>. (Thu, 24 Jan 2019 20:39:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: zoneminder: CVE-2019-6777
Date: Thu, 24 Jan 2019 21:35:00 +0100
Source: zoneminder
Version: 1.30.4+dfsg1-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/ZoneMinder/zoneminder/issues/2436

Hi,

The following vulnerability was published for zoneminder.

CVE-2019-6777[0]:
| An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in
| web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl
| parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6777
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6777
[1] https://github.com/ZoneMinder/zoneminder/issues/2436

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Tue, 29 Jan 2019 03:12:07 GMT).


Reply sent to Dmitry Smirnov <onlyjob@debian.org>:
You have taken responsibility. (Mon, 11 Feb 2019 03:33:06 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 11 Feb 2019 03:33:06 GMT).


Message #12 received at 920375-close@bugs.debian.org:

From: Dmitry Smirnov <onlyjob@debian.org>
To: 920375-close@bugs.debian.org
Subject: Bug#920375: fixed in zoneminder 1.32.3-2
Date: Mon, 11 Feb 2019 03:28:33 +0000
Source: zoneminder
Source-Version: 1.32.3-2

We believe that the bug you reported is fixed in the latest version of
zoneminder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 920375@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <onlyjob@debian.org> (supplier of updated zoneminder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 11 Feb 2019 13:00:00 +1100
Source: zoneminder
Binary: zoneminder zoneminder-dbgsym zoneminder-doc
Architecture: source amd64 all
Version: 1.32.3-2
Distribution: unstable
Urgency: high
Maintainer: Dmitry Smirnov <onlyjob@debian.org>
Changed-By: Dmitry Smirnov <onlyjob@debian.org>
Description:
 zoneminder - video camera security and surveillance solution
 zoneminder-doc - video camera security and surveillance solution (documentation)
Closes: 915681 920375 920999 921000 921001
Changes:
 zoneminder (1.32.3-2) unstable; urgency=high
 .
   * Upload to unstable.
   * New upstream patches:
     + CVE-2019-6777 (Closes: #920375).
     + CVE-2019-6992 (Closes: #920999).
     + CVE-2019-6991 (Closes: #921000).
     + CVE-2019-6990 (Closes: #921001).
     + Fix for "image size is not multiples of 12 and 64".
   * Removed broken symlink (Closes: #915681).
   * Standards-Version: 4.3.0.
   * Build-Depends:
     - libmp4v2-dev




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 21 Mar 2019 07:34:05 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:16:54 2019; Machine Name: buxtehude
