Your message dated Tue, 02 Jun 2009 05:17:05 +0000
with message-id <[email protected]>
and subject line Bug#528252: fixed in zoneminder 1.24.1-1
has caused the Debian Bug report #528252,
regarding zoneminder: conf file permissions need to be more restrictive
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
528252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528252
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: zoneminder
Severity: normal
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for zoneminder.

CVE-2008-6755[0]:
| ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to
| the apache user account, and sets the permissions to 0600, which makes
| it easier for remote attackers to modify this file by accessing it
| through a (1) PHP or (2) CGI script.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6755
    http://security-tracker.debian.net/tracker/CVE-2008-6755



--- End Message ---
--- Begin Message ---
Source: zoneminder
Source-Version: 1.24.1-1

We believe that the bug you reported is fixed in the latest version of
zoneminder, which is due to be installed in the Debian FTP archive:

zoneminder_1.24.1-1.diff.gz
  to pool/main/z/zoneminder/zoneminder_1.24.1-1.diff.gz
zoneminder_1.24.1-1.dsc
  to pool/main/z/zoneminder/zoneminder_1.24.1-1.dsc
zoneminder_1.24.1-1_i386.deb
  to pool/main/z/zoneminder/zoneminder_1.24.1-1_i386.deb
zoneminder_1.24.1.orig.tar.gz
  to pool/main/z/zoneminder/zoneminder_1.24.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Howard <[email protected]> (supplier of updated zoneminder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 May 2009 07:02:50 +1000
Source: zoneminder
Binary: zoneminder
Architecture: source i386
Version: 1.24.1-1
Distribution: unstable
Urgency: high
Maintainer: Peter Howard <[email protected]>
Changed-By: Peter Howard <[email protected]>
Description: 
 zoneminder - Linux video camera security and surveillance solution
Closes: 486064 497640 526918 528252
Changes: 
 zoneminder (1.24.1-1) unstable; urgency=high
 .
   * Initial release of zoneminder 1.24.1, closing CVE-2008-3882,
     CVE-2008-3881, CVE-2008-3880
     (closes: #497640)
   * Change syslog dependency to rsyslog.
     (closes: #526918)
   * Add missing perl dependency.
   * Restore patch to disable "check for updates" by default.
   * Removed spurious '$' in init script.
     (closes: #486064)
   * Change permission of zm.conf from 0600 to 0400 for CVE-2008-6755
     (closes: #528252)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoksi4ACgkQCfB0CMh//C+UnQCeIhFae6h8jdDy6v2LWz8SSjkB
88MAoKAhjaN3XLY3ROhbEmJmmgTR7/0H
=23sC
-----END PGP SIGNATURE-----



--- End Message ---
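The permission issue discussed in this thread (zm.conf owned by the web server account with mode 0600, changed to 0400 in the upload) can be checked with a small audit like the following. This is an added example, not code from the bug report or the zoneminder package; the function names, finding labels and the temporary sample file are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_mode(mode, owner_uid, web_uid):
    """Return findings for a config file, given its st_mode and owner uid."""
    findings = []
    perms = stat.S_IMODE(mode)
    owned_by_web = owner_uid == web_uid
    if owned_by_web and perms & stat.S_IWUSR:
        # The condition CVE-2008-6755 describes: web-user-owned and 0600.
        findings.append("writable-by-web-user")
    elif owned_by_web:
        # With 0400 the write bit is gone, but a file's owner can always
        # chmod it back, so ownership is still worth reporting.
        findings.append("web-user-can-chmod")
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    if perms & stat.S_IROTH:
        findings.append("world-readable")
    return findings


def audit_path(path, web_uid):
    """Stat a real file and audit it against the web server's uid."""
    st = os.stat(path)
    return audit_mode(st.st_mode, st.st_uid, web_uid)


def demo():
    # Constructed sample: a temp file stands in for /etc/zm.conf and the
    # current user stands in for the web server account (assumption).
    web_uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "zm.conf")
        with open(conf, "w") as f:
            f.write("sample_key=constructed\n")
        for mode in (0o600, 0o400):
            os.chmod(conf, mode)
            results[oct(mode)] = audit_path(conf, web_uid)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(mode, findings)
```

On a real host, pass the uid of the web server account (for example via `pwd.getpwnam`) and the path of the installed configuration file to `audit_path`.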
