Bug#922724: marked as done (Lots of security issues)

Debian Bug Tracking System Fri, 27 Mar 2020 23:10:09 -0700

Your message dated Sat, 28 Mar 2020 06:04:50 +0000
with message-id <[email protected]>
and subject line Bug#922724: fixed in zoneminder 1.34.8-1
has caused the Debian Bug report #922724,
regarding Lots of security issues
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
922724: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: zoneminder
Severity: grave
Tags: security

Please see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7332
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7331
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7325

We should generally restrict the level of security support to something
sensible. A video surveillance systems is obviously something
that only should be exposed to trusted parties anyway, so I'd suggest
we treat zoneminder similar to e.g. ganglia (#702775), i.e.
- add a note to debian-security-support so that it flags the status
  of it
- Add a short README.Debian.security (or similar to document it also
  within the package)

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: zoneminder
Source-Version: 1.34.8-1
Done: Dmitry Smirnov <[email protected]>

We believe that the bug you reported is fixed in the latest version of
zoneminder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <[email protected]> (supplier of updated zoneminder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 Mar 2020 15:41:35 +1100
Source: zoneminder
Architecture: source
Version: 1.34.8-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <[email protected]>
Changed-By: Dmitry Smirnov <[email protected]>
Closes: 922724
Changes:
 zoneminder (1.34.8-1) unstable; urgency=medium
 .
   * New upstream release.
   * Standards-Version: 4.5.0.
   * README.Debian.security: declared limited support behind an
     authenticated HTTP zone (Closes: #922724).
     Thanks, Moritz Muehlenhoff.
Checksums-Sha1:
 aca7fe7412cbfe13723c482466c85521af792ef2 3067 zoneminder_1.34.8-1.dsc
 29cf59a0f4e6ff483958ee6cb4b5f46180520231 3400 
zoneminder_1.34.8.orig-CakePHP-Enum-Behavior.tar.xz
 7e799950b8f0d463afbf122b59586d0cc3b47c1d 59760 
zoneminder_1.34.8.orig-Crud.tar.xz
 95fcb7e37b2f5f30b9e8c2ffc2d96b1a8d4be2de 8658692 zoneminder_1.34.8.orig.tar.xz
 319eaf55dcbee243bde995a1455873545086c668 28780 
zoneminder_1.34.8-1.debian.tar.xz
 fe501f9bc49328c09424d7ead6a13e6282b52beb 16505 
zoneminder_1.34.8-1_amd64.buildinfo
Checksums-Sha256:
 bb70e392ceeb2966d5ae21e51d8216c1f3a19db84d2c11a42144672092a451d6 3067 
zoneminder_1.34.8-1.dsc
 e8006e2df675fa2c955f6186cbb0abc8b35d49f52e9e646f355791f3067d3913 3400 
zoneminder_1.34.8.orig-CakePHP-Enum-Behavior.tar.xz
 99c54f2dbd9a23452de05d66f01ace8b91e4e8e496902f78202f57f928c28db2 59760 
zoneminder_1.34.8.orig-Crud.tar.xz
 d7c73042910db28622883f48f49eac9e90d75b2ac3136bcef9d26024df489640 8658692 
zoneminder_1.34.8.orig.tar.xz
 2e6f5e6d55aa02870e2a747c3350d4d0982c04d48db694b91dc9daa5be1dc5a5 28780 
zoneminder_1.34.8-1.debian.tar.xz
 426a6fdeb6519e7bcb373ac6b30b96a4bc6344cec8e7d9f7e73b2944433e9bf5 16505 
zoneminder_1.34.8-1_amd64.buildinfo
Files:
 502ccf488518887df861c18182b5c100 3067 net optional zoneminder_1.34.8-1.dsc
 8496f1a9f62eab93582d3e2ef2b093fe 3400 net optional 
zoneminder_1.34.8.orig-CakePHP-Enum-Behavior.tar.xz
 e1fcfbf3407f06132fba6ec1fa136f72 59760 net optional 
zoneminder_1.34.8.orig-Crud.tar.xz
 8c4379ddf2c6eddfd21e5d87fb8f4ffa 8658692 net optional 
zoneminder_1.34.8.orig.tar.xz
 6f488ea6e5e5c592aa072bad4906a322 28780 net optional 
zoneminder_1.34.8-1.debian.tar.xz
 2058a4bce6f3670ffcbb1b46913a4c39 16505 net optional 
zoneminder_1.34.8-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEULx8+TnSDCcqawZWUra72VOWjRsFAl5+5pEACgkQUra72VOW
jRvPSg/+IHtlyOHBhGOkdX9/ZhYcVo2Ae9C23zUyUKM8m7/SBJD78gGwqNb3csd/
tk6LYV3qde24TnzdjZDk0zfaeatvgduJdzYRzyJKfDFUOV3ZRQ80CA71nPmXB3yT
Mu3jRWCr6AzD1n8+bsC2zOJ84n32F36lmYVmGuYjqGyuQ0anRwDw4JbCaWjnA+Vr
ShqSg91OQ+6qWfOpWXsPnb0gV0P2zxS0PLfRyn8EWeiY5aUDsXTrnxao8QkXhNf0
FBI/qcUEN6wxfQyhIRXX/IyzBB3dW4sPjL9KSzR+rtiFsKrHkpL6CfLxkR91lrnU
JPLaA33gdJ41H4bso2xRJyc8kEx+XcMRfuoi+D8IkXbWa0hEtrgbMfFF6ZpG0HoG
qaIWUZo1hT/BgBznXYgOLPlgsjLMbywDMsQWmCkcUDmtyIHwApioDAYdTazYBuZC
LXI0TyfQVQdhV5vOq06dXPHs5GgjMrFLEyYWqF4dcwYv/7V/bT17jqkzGnVhb/jV
Ngj0JACjOpgimHxX6+8ov8X4McZRkhFm++WEvNN8446nwB3KbOLDI3JA3C/bghP8
NT8fUmIMpinf1sXWfvAt0WDS89xPVN1Y5IYyzKIGkmuyK8PTlvm1jEoQjYIUXZNJ
/MVXKpuBsYhEBrvmIREBbkJjrhneMh1DWnfVN6oI9hppgacHRHw=
=CRAs
-----END PGP SIGNATURE-----

--- End Message ---

Bug#922724: marked as done (Lots of security issues)

Reply via email to