Debian Bug report logs -
#697443
zabbix: CVE-2012-6086: insecure curl usage
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Christoph Haas <haas@debian.org>:
Bug#697443; Package zabbix.
(Sat, 05 Jan 2013 13:06:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Christoph Haas <haas@debian.org>.
(Sat, 05 Jan 2013 13:06:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: zabbix
Version: 1:2.0.2+dfsg-4
Severity: important
Tags: security
Please see: https://support.zabbix.com/browse/ZBX-5924
zabbix-2.0.2/src/libs/zbxmedia/eztexting.c is still using curl insecure way.
- Henri Salo
Added tag(s) pending.
Request was from Dmitry Smirnov <onlyjob@member.fsf.org>
to control@bugs.debian.org.
(Sat, 03 Aug 2013 08:39:04 GMT) (full text, mbox, link).
Message sent on
to Henri Salo <henri@nerv.fi>:
Bug#697443.
(Sat, 03 Aug 2013 08:39:14 GMT) (full text, mbox, link).
Message #12 received at 697443-submitter@bugs.debian.org (full text, mbox, reply):
tag 697443 pending
--
We believe that the bug #697443 you reported has been fixed in the Git
repository. You can see the commit message below and/or inspect the
commit contents at:
http://anonscm.debian.org/gitweb/?p=collab-maint/zabbix.git;a=commitdiff;h=2955bce
(This message was generated automatically by
'git-post-receive-tag-pending-commitmsg' hook).
---
commit 2955bce (HEAD, master)
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date: Sat Aug 3 08:23:17 2013
New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).
Reply sent
to Dmitry Smirnov <onlyjob@debian.org>:
You have taken responsibility.
(Sat, 03 Aug 2013 17:06:05 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Sat, 03 Aug 2013 17:06:06 GMT) (full text, mbox, link).
Message #17 received at 697443-close@bugs.debian.org (full text, mbox, reply):
Source: zabbix
Source-Version: 1:2.0.7+dfsg-1
We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 697443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Smirnov <onlyjob@debian.org> (supplier of updated zabbix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 03 Aug 2013 18:53:28 +1000
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-proxy-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.0.7+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Christoph Haas <haas@debian.org>
Changed-By: Dmitry Smirnov <onlyjob@debian.org>
Description:
zabbix-agent - network monitoring solution - agent
zabbix-frontend-php - network monitoring solution - PHP front-end
zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
zabbix-server-mysql - network monitoring solution - server (using MySQL)
zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 697443 718246
Changes:
zabbix (1:2.0.7+dfsg-1) unstable; urgency=low
.
* New upstream release [July 2013].
* New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).
* Fixed proxy restart issue by adding PidFile to "zabbix_proxy.conf"
(Closes: #718246).
Checksums-Sha1:
d0c23473e824eb6ebd50a8f0d14f11d1104bcf73 2472 zabbix_2.0.7+dfsg-1.dsc
79022c9340d17952a6d2ada2cd9e8b95574e2dfd 5304104 zabbix_2.0.7+dfsg.orig.tar.xz
5dcf44627722f2b7dbd81af370501b371ac4cfe9 32792 zabbix_2.0.7+dfsg-1.debian.tar.xz
690bda95533f064787689133f502e5521572f470 267464 zabbix-agent_2.0.7+dfsg-1_amd64.deb
7617b301ea6387eb47cbbb2ef7f46272addc8786 2322954 zabbix-frontend-php_2.0.7+dfsg-1_all.deb
9f8439b38e728c4cc4ce98431e13a625ae50332d 448094 zabbix-proxy-mysql_2.0.7+dfsg-1_amd64.deb
8be2d7b1a57b4035e302344bfa8c7f814f2467b4 447956 zabbix-proxy-pgsql_2.0.7+dfsg-1_amd64.deb
8e4ebae0a3bc5de441c311620206f951aa1fb48a 424052 zabbix-proxy-sqlite3_2.0.7+dfsg-1_amd64.deb
984d5ff9ea6f99547ad2e4b9ec4c0558ac6f48f9 1615954 zabbix-server-mysql_2.0.7+dfsg-1_amd64.deb
270a8fa77c338553e261a8e0f4703cf948039e39 1616132 zabbix-server-pgsql_2.0.7+dfsg-1_amd64.deb
Checksums-Sha256:
99933fb202fe0c0ff7d74af0cb4aa760131393a1b26508bcb05386c28044a657 2472 zabbix_2.0.7+dfsg-1.dsc
cf8b9f8bcfb143827d27643c4d77d3b110587dc7644b98d537fa7272547054bb 5304104 zabbix_2.0.7+dfsg.orig.tar.xz
99eac097a8ec2ceca974c64b672ada36ff9d188faa8393090efa103270db896b 32792 zabbix_2.0.7+dfsg-1.debian.tar.xz
ff68a4d0cfc1293e5a4951075b500fcfef9567712b11ef3707337830760c6a52 267464 zabbix-agent_2.0.7+dfsg-1_amd64.deb
57aab32d132d41968822439a6d6b3ed2430ea8cbfae98b9527be1622d21a8769 2322954 zabbix-frontend-php_2.0.7+dfsg-1_all.deb
d3ec5270b8340708083634a88081a8e4a8edb43351aed3c5da39b0771407968c 448094 zabbix-proxy-mysql_2.0.7+dfsg-1_amd64.deb
0c00e640dfff5bb2b1ee8b54fb0ebdf99c1f76502f064a3115bba0d62b2f3570 447956 zabbix-proxy-pgsql_2.0.7+dfsg-1_amd64.deb
d7dbe09dbb681803fd45a38dbd03ac59f4e44032ec2091482d0a9b41aa486cc2 424052 zabbix-proxy-sqlite3_2.0.7+dfsg-1_amd64.deb
dc356f45f3ba7294185b971640dde7f5e8736197c413dacc098a6b5c6aa1a5d1 1615954 zabbix-server-mysql_2.0.7+dfsg-1_amd64.deb
63e9165633865a27709cb613c5b12894b544ed90aff12c01d77c002d828b1539 1616132 zabbix-server-pgsql_2.0.7+dfsg-1_amd64.deb
Files:
38eacc9758f7f85b8f984327b8f9072c 2472 net optional zabbix_2.0.7+dfsg-1.dsc
eec2e362f3320e7708f95f18e963748c 5304104 net optional zabbix_2.0.7+dfsg.orig.tar.xz
97ba4543df57f30e02b3f1a51fd128fe 32792 net optional zabbix_2.0.7+dfsg-1.debian.tar.xz
f404dd186a7ba230a32977b3ae36b114 267464 net optional zabbix-agent_2.0.7+dfsg-1_amd64.deb
76eeb8abcf5888eeb42d28e17cb99f22 2322954 net optional zabbix-frontend-php_2.0.7+dfsg-1_all.deb
f3f7031c3190698dc32774913ef00990 448094 net optional zabbix-proxy-mysql_2.0.7+dfsg-1_amd64.deb
527df43634d0571437fcc679f21e7a2d 447956 net optional zabbix-proxy-pgsql_2.0.7+dfsg-1_amd64.deb
b4b632c90f097533309282a33edabf6d 424052 net optional zabbix-proxy-sqlite3_2.0.7+dfsg-1_amd64.deb
204688fbeceabe857792791ea62830c1 1615954 net optional zabbix-server-mysql_2.0.7+dfsg-1_amd64.deb
65475393b6923a45f10027e3e64e259e 1616132 net optional zabbix-server-pgsql_2.0.7+dfsg-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBAgAGBQJR/MeqAAoJEFK2u9lTlo0bUdAP/R47bFXU2LGLQVEXdXCjt40D
W4J5aVwE6db2Gf0qr98zQh0mpEjKSFop+QsDdGrP9leSkZhgWenqIR8ulZGOmvW4
lZx94vb8mz6ZKAXyWhyenFuGre6E39NZw19uutxxfUt9kFaDZI6hGqZ7Xd0pYzsI
nBdmsAl0iMmGU2uXVEV4QTPW5/6VJP5GNcMop+2X40C0heQCBKMKjeZuHJvPqdiP
a4OtvJh/gMhsuzQ2qSwoL0b7VFI7HD+B7X7M2tgv7UytZeqeZbwBx9Muhi1XLRGG
44bja1JQJrF4JG+ud40wdQlm89l3lPA1iH68tAEeQEvd14nm7rZdAjddrRM46vd/
ntPM7imwWkvcrgGVKFVXg3ZcUNHaqjvJSJHEHRg8tmDuMV7nBRGGuUWk+lOLnqY6
YngiOPkxtdcT+h8Nb3J/YpAMy8W23EWCCwoggUpfF4TQRsFKYislED101MezqjFp
Ot7acKI/7Nns9KGn3ECc3zUIHpdkRzfTgdVO7j2X2JTWtoAeiEbIMfOENhhOKXOk
dhScg7Qvkq6OR+SGRZ43lPXHFvbN/v9/vylPkDnAwUTf1ChwV1ih93OQDDbywtrY
XEza5gV0MoChggOY2l02u4yopmKWgS+YL4nhBFsaoqbqnffO9QZvEhPbeAWKTsOJ
LSLQbiYSTkhKym6U0oWN
=gmfi
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 30 Sep 2013 07:31:20 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:00:24 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon