On Thursday 29 November 2007 10:21, Michael Ablassmeier wrote: > well, its not like random users have access to the zabbix frontend, thats > right. So they indeed have a good level of trust (or should have). However, > its still possible for them to root remote machines, given the fact the > zabbix admin gives them access to the item configuration and there is an > flexible user parameter ..
This is CVE id CVE-2007-6210, please reference it in any changelogs and announcements. Could you also ask upstream to put it into their changelog and announcement? The DSA is ready, except for some buildd issues. Thijs
pgpQoHhQnBQ7M.pgp
Description: PGP signature
