Hi Chris, On Mon, Aug 07, 2017 at 10:33:06PM -0400, Chris Lamb wrote: > Hi Salvatore, > > > found 854272 1.30.4+dfsg-1 > > found 854733 1.30.4+dfsg-1 > > thanks > > > > Hi Salvatore, > > > > > The recent upload to unstable claims to fix several CVEs. While for > > > #854733 this is the case for CVE-2017-5595, I fail to find fixing > > > commits for the other two CVEs from that bug. Where are they fixed? > > > Can you help identifying the commits? > > > > Oh crumbs, I was either misinformed on (or more likely I misinterpreted!) > > an off-list conversation about these CVEs. > > > > Am immediately re-opening them all for now whilst I investigate. > > Hm, so I think these were all fixed in: > > > https://github.com/ZoneMinder/ZoneMinder/commit/d38bae72aeece85a20e3774c4953080e2e09e63c > > What do you think?
Will try to schedule a bit of time to check this, or if any other can as well would be appreciated. The CSRF vulnerabilities from that list probably yes, but not sure about all of the reported CVEs. Regards, Salvatore
