Bug#651225: marked as done (Security vulnerabilities (CVE-2011-2904, CVE-2011-3263, CVE-2011-3265, CVE-2011-4674))

Mon, 30 Jul 2012 13:51:26 -0700 

Your message dated Mon, 30 Jul 2012 20:50:28 +0000
with message-id <e1svwv6-0002ie...@franck.debian.org>
and subject line Bug#651225: fixed in zabbix 1:2.0.1+dfsg-1
has caused the Debian Bug report #651225,
regarding Security vulnerabilities (CVE-2011-2904, CVE-2011-3263, 
CVE-2011-3265, CVE-2011-4674)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
651225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: zabbix
Version: 1:1.8.2-1squeeze2
Tags: security
Severity: grave

There appear to be several unfixed unverabilities in Zabbix in
squeeze, including SQL injection vulnerabilities:

http://security-tracker.debian.org/tracker/CVE-2011-2904
http://security-tracker.debian.org/tracker/CVE-2011-3263
http://security-tracker.debian.org/tracker/CVE-2011-3265
http://security-tracker.debian.org/tracker/CVE-2011-4674

We would appreciate if you prepared fixed packages and contacted the
security team (preferably with a source debdiff of the porposed
upload).  Thanks.

--- End Message ---
--- Begin Message --- 
Source: zabbix
Source-Version: 1:2.0.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Haas <h...@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 24 May 2012 00:34:04 +0200
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-proxy-mysql zabbix-proxy-pgsql 
zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.0.1+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Christoph Haas <h...@debian.org>
Changed-By: Christoph Haas <h...@debian.org>
Description: 
 zabbix-agent - network monitoring solution - agent
 zabbix-frontend-php - network monitoring solution - PHP front-end
 zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
 zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
 zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
 zabbix-server-mysql - network monitoring solution - server (using MySQL)
 zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 651225 664067 674175 674941
Changes: 
 zabbix (1:2.0.1+dfsg-1) unstable; urgency=low
 .
   [ Christoph Haas ]
   * New upstream release. (closes: #674941, #674175, #651225)
   * Scriptaculous Javascript library removed.
   * Configure option --with-pgsql renamed to --with-postgresql
   * Added 'status' option in usage description of init.d files (closes:
     #664067)
   * Removed dbconfig-common. Reasons are explained in debian/TODO.Debian
   * Removed debconf and corresponding .po files.
   * Removed automatic configuration of frontend-php to reduce divergence
     from upstream installation instructions.
   * Documented database instalation/upgrade.
   * Introduced /etc/default files to control services' automatic startup.
 .
   [ Dmitry Smirnov ]
   * Added new 'zabbix-server-sqlite3' package
   * Refactored debian/rules for newer debhelper & compat v9
     + hardening
     + automatic parallel build on linux
     + use dh-autoreconf instead of autotools-dev
     + --as-needed to reduce needless linking (when available)
     + updated path to '--sysconfdir' configure option
     + conditional '--with-openipmi' depending on library availability
   * debian/control:
     + standards to 3.9.3
     + added Homepage
     - dropped 'quilt' from Build-Depends
     + Build-Depends list sorted and updated
     + exclude libopenipmi-dev from Build-Depends on "hurd" and "arm"
     + zabbix-backends-php to Suggests php5 backends
     + added myself to Uploaders
     + DM-Upload-Allowed: yes! (Thanks Christoph)
     + sorted packages alphabetically
   * added sample configuration for 'nginx' web server
   * added missing man page
   * install patched upstream man pages instead of embedded ones
   * consolidated .logrotate and .manpages with symbolic links
   * introduced postrotate to zabbix-agent.logrotate
   * moved note about PHP settings to README.Debian
     in zabix-frontend-php package
   * Documented miscellaneous issues in README.source
   * debian/copyright to copyright-format-1.0
   * new patches:
     + to correct paths in SQL schema upgrade files
     + to correct path in man pages
     + to correct man pages section numbers (ZBX-5166)
     + to replace 'nocrypto' patch with better one
     + to fix columns sorting in frontend-php (ZBX-4986)
   * DFSG-repackaging of upstream source
   * debian source compression to .xz
   * lintianisation
   * compress *.sql files in zabbix-server-* packages
   * updated *.init files to:
     + check and report if daemon is already running.
     + always invoke 'chown', not just when directory do not exist.
     + move variables definition section above defaults file import
       to allow potential customising and redefining.
     + use more up-to-date syntax.
     + use LSB functions for messages output.
     + capture daemon output and integrate it to LSB messaging.
     + TERM/30/KILL/5 when daemon is not stopping.
     + report status using status_of_proc.
Checksums-Sha1: 
 7fbe5ace706d025c7fcb7ea03ccd824a10d83033 1973 zabbix_2.0.1+dfsg-1.dsc
 c190ccd64b752eb7aefe6f2e914feaa1bf42e8fa 4887276 zabbix_2.0.1+dfsg.orig.tar.xz
 300642590db10805bfcfa5ccce13f61f371651ef 28644 
zabbix_2.0.1+dfsg-1.debian.tar.xz
 01a79903862a4455b4f2cd4208c8782024cb92e3 384136 
zabbix-agent_2.0.1+dfsg-1_amd64.deb
 ee784d7614b417bd8de907b14ea039621c3ce705 3747238 
zabbix-frontend-php_2.0.1+dfsg-1_all.deb
 226530ccbe327be44f7997d7703e0b3704c1ffc7 505952 
zabbix-proxy-mysql_2.0.1+dfsg-1_amd64.deb
 32652e6224147421d2ee336eb57dc8ad3eefd9fd 506814 
zabbix-proxy-pgsql_2.0.1+dfsg-1_amd64.deb
 ac5a23cca05ad044acf595f6241b392d9a03fdac 482714 
zabbix-proxy-sqlite3_2.0.1+dfsg-1_amd64.deb
 b837e391b18ad8375b6ee13598568a58a574fd5f 1680906 
zabbix-server-mysql_2.0.1+dfsg-1_amd64.deb
 71acb0bcce20b6fbfbe7b10d4f8882e0a1718d17 1680370 
zabbix-server-pgsql_2.0.1+dfsg-1_amd64.deb
Checksums-Sha256: 
 47a867650eef0561286e3398af734004a2e10c98bc44e71cb220832791d3a686 1973 
zabbix_2.0.1+dfsg-1.dsc
 94fb1f35a93419080b3a8832c417f98f8695823e9f0abd619e0e4c6cf5378bd4 4887276 
zabbix_2.0.1+dfsg.orig.tar.xz
 f87f350d6bd67d36e5a400043999c486e7a7fd909f8bcd030558bdbd901c5e53 28644 
zabbix_2.0.1+dfsg-1.debian.tar.xz
 afc8c31999dbbadab28b7c81622ba51658433dbb3a3d21fb65b7fd4930b48f5c 384136 
zabbix-agent_2.0.1+dfsg-1_amd64.deb
 14f52e8c25740c5daa18205636f84edd6f5825e733047e2b19f8b2f3de194931 3747238 
zabbix-frontend-php_2.0.1+dfsg-1_all.deb
 679577fe0ba375769a2ef427c985e00e94fb9f12dc87f2bd41abc52923da6262 505952 
zabbix-proxy-mysql_2.0.1+dfsg-1_amd64.deb
 de5e1da65ba5996191496d2c0403ec77435a94c342605b8abad5add5c3c007f8 506814 
zabbix-proxy-pgsql_2.0.1+dfsg-1_amd64.deb
 87005656d3eab9a879f638de25ee9443026125fdb13f8ef6749bac3d216015bc 482714 
zabbix-proxy-sqlite3_2.0.1+dfsg-1_amd64.deb
 7e94095c72fce6277ff1ae112fcbba215d2c35358cd27de277526a909079ea4a 1680906 
zabbix-server-mysql_2.0.1+dfsg-1_amd64.deb
 5084720928a625361aaf0aa1cf55a6f85ad820534a101019cc6b79c631d255b8 1680370 
zabbix-server-pgsql_2.0.1+dfsg-1_amd64.deb
Files: 
 b19c2db44d222cf5296b7f7ead5f004e 1973 net optional zabbix_2.0.1+dfsg-1.dsc
 46559f1fa600c1f9d474cc7a4dc0677c 4887276 net optional 
zabbix_2.0.1+dfsg.orig.tar.xz
 296103852dfe0c88507b230ea262894a 28644 net optional 
zabbix_2.0.1+dfsg-1.debian.tar.xz
 bed61bac118cf922278f9883f784c68a 384136 net optional 
zabbix-agent_2.0.1+dfsg-1_amd64.deb
 d9b4a3c213a9cf4bdb1c87417fd3dfd7 3747238 net optional 
zabbix-frontend-php_2.0.1+dfsg-1_all.deb
 0246f7ce3a416880ae71b8697de2f965 505952 net optional 
zabbix-proxy-mysql_2.0.1+dfsg-1_amd64.deb
 ac0b0821edeb853326a4fa53883e0cb0 506814 net optional 
zabbix-proxy-pgsql_2.0.1+dfsg-1_amd64.deb
 af36d5ef934f91a4350862ae7576e146 482714 net optional 
zabbix-proxy-sqlite3_2.0.1+dfsg-1_amd64.deb
 3eb3ecda100c535ad047de9113687f97 1680906 net optional 
zabbix-server-mysql_2.0.1+dfsg-1_amd64.deb
 64d1480a16459e52c4304250c9531374 1680370 net optional 
zabbix-server-pgsql_2.0.1+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlASua8ACgkQCV53xXnMZYb/IACeOu4GESp+UK4oiVVJvUNQzMLg
38UAoMDHsU3X4QkBkjbXKHCMExrsgUSY
=j2gL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to