Package        : zoneminder
Version        : 1.25.0-4+deb7u2
CVE ID         : CVE-2017-5595

Multiple vulnerabilities have been found in zoneminder. This update
fixes only a serious file disclosure vulnerability (CVE-2017-5595).

The application has been found to suffer from many other problems,
such as SQL injection vulnerabilities, cross-site scripting issues,
cross-site request forgery, and session fixation. Due to the number of
issues and the relative invasiveness of the relevant patches, those
issues will not be fixed in Wheezy. We thus advise you to restrict
access to zoneminder to trusted users only. If you want to review the
list of ignored issues, you can check the security tracker:
https://security-tracker.debian.org/tracker/source-package/zoneminder

We recommend that you upgrade your zoneminder packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
