Your message dated Sat, 10 Dec 2016 03:05:15 +0000
with message-id <e1cfxyn-0008gj...@fasolo.debian.org>
and subject line Bug#842702: fixed in zabbix 1:3.0.6+dfsg-1
has caused the Debian Bug report #842702,
regarding zabbix: CVE-2016-9140: API JSON-RPC remote code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
842702: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842702
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zabbix-frontend-php
Version: 1:2.2.7+dfsg-2+deb8u1
Severity: grave
Zabbix on Jessie is vulnerable to remote code execution through exploit
available in [1] (valid zabbix user/password is needed).
I do not find any CVE related to this bug.
[1] https://www.exploit-db.com/exploits/39937/
--
Rogerio Bastos
PoP-BA/RNP
--- End Message ---
--- Begin Message ---
Source: zabbix
Source-Version: 1:3.0.6+dfsg-1
We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 842...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated zabbix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 10 Dec 2016 11:52:33 +1100
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-java-gateway zabbix-proxy-mysql
zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:3.0.6+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <only...@debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Description:
zabbix-agent - network monitoring solution - agent
zabbix-frontend-php - network monitoring solution - PHP front-end
zabbix-java-gateway - network monitoring solution - Java gateway
zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
zabbix-server-mysql - network monitoring solution - server (using MySQL)
zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 842702
Changes:
zabbix (1:3.0.6+dfsg-1) unstable; urgency=medium
.
* New upstream release [Decembeer 2016].
* Removed obsolete "build-m4-mariadb.patch".
* CVE-2016-9140: improved API script.execute validation (Closes: #842702).
* Re-build .css files; Build-Depends += "ruby-sass".
Checksums-Sha1:
27cee962f3a9a7fa8138bdfa1169c2d191d60bcd 2893 zabbix_3.0.6+dfsg-1.dsc
50d76ea59a8fbccb38552a79923d1ca63c8120f8 5943880 zabbix_3.0.6+dfsg.orig.tar.xz
54277efeea0b1b146da92c416fdd59bd077ca325 190460
zabbix_3.0.6+dfsg-1.debian.tar.xz
f7b9252b37f83d5925ecfa13e128fd6c14c03b97 536476
zabbix-agent-dbgsym_3.0.6+dfsg-1_amd64.deb
05ad99c0aabb9f78fb1be454da9b9bdf1f72179c 398482
zabbix-agent_3.0.6+dfsg-1_amd64.deb
c40f98e2fbc022a8bbae5a68802001d7bdc40dd9 1942504
zabbix-frontend-php_3.0.6+dfsg-1_all.deb
8c0e4f21199cb4f3393d7159ef22368ef53a0824 241518
zabbix-java-gateway_3.0.6+dfsg-1_all.deb
ffabefb711f994177fbae4af89f9132d51ef1769 1174466
zabbix-proxy-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
665216eaf19e1b1e34dc98b7af1c71c769d98d50 685884
zabbix-proxy-mysql_3.0.6+dfsg-1_amd64.deb
1ed86ee76053e887bf9aa3ad65052297820f440f 1173350
zabbix-proxy-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
657724a054d8830b0d17e9655e88d21ad55908cd 686060
zabbix-proxy-pgsql_3.0.6+dfsg-1_amd64.deb
a86303462b0275f910f18a72f10af3a35bdf5881 1136934
zabbix-proxy-sqlite3-dbgsym_3.0.6+dfsg-1_amd64.deb
a82916641c556916f578144d4aa1ec1cc652cdb8 671144
zabbix-proxy-sqlite3_3.0.6+dfsg-1_amd64.deb
fbd7a505df3e602ac3085e0e56dbddad9a78a5a5 1264300
zabbix-server-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
e47728d90933bf3f8dee7d25ea21915d954c6976 1864234
zabbix-server-mysql_3.0.6+dfsg-1_amd64.deb
c2e390f884a0e582d6c0b160422e5e4817696746 1265630
zabbix-server-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
b79293bb97db98d7cb4881b8eb6a7d3b8f1377f8 1864522
zabbix-server-pgsql_3.0.6+dfsg-1_amd64.deb
93b19d8a974c4d3f115b8c9b44770b53ef7bd074 16038
zabbix_3.0.6+dfsg-1_amd64.buildinfo
Checksums-Sha256:
4308f418164b7874c87d95ca2d322ef67004394a7a57dfb84e49d1f8eeeb0f22 2893
zabbix_3.0.6+dfsg-1.dsc
65d7c9aaa994196dbdd88784219e15eedcc5806b1cfb85f74a2c9fe861047cf6 5943880
zabbix_3.0.6+dfsg.orig.tar.xz
e52cbb1023cabced7874b624b0467f8acad3f0230df2483d38007b77bacec551 190460
zabbix_3.0.6+dfsg-1.debian.tar.xz
d7ebb0d43a37f1bdeb46c470a206ca9ff5d18d1e67cf4cf19459e3d21866b849 536476
zabbix-agent-dbgsym_3.0.6+dfsg-1_amd64.deb
d973158858fe3ce2f23eef99a669721c6c72da2b1aa7903b1599fdecd7435e10 398482
zabbix-agent_3.0.6+dfsg-1_amd64.deb
447706b620c14dea9ea42ec5f25113671159730ab175f2de0b8104ada5326807 1942504
zabbix-frontend-php_3.0.6+dfsg-1_all.deb
b2c1c99e277b392f62cba5a707b1cf5a062aeb91b94273fe6a35f14b94a7bf28 241518
zabbix-java-gateway_3.0.6+dfsg-1_all.deb
867f1961c95531ac507762d73693baca9a95defb77e7b310b769ea7a9aff6d52 1174466
zabbix-proxy-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
4222e0bbec1096d05a9a04b60bfeffa4dc4ddd7fda7e04c64eef9b14435ba563 685884
zabbix-proxy-mysql_3.0.6+dfsg-1_amd64.deb
c71d889536954c5fae14e2f4fc30e5bb310006bebb9289f1c6af85200bf060b1 1173350
zabbix-proxy-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
979de5b28ae1903b7ab98d47ed9d0d7f5817673ac1f1d4dee37227624bf049ae 686060
zabbix-proxy-pgsql_3.0.6+dfsg-1_amd64.deb
b93e011dbb6ac6d47379195769741685ef535fe41c8b188500c8c7aa256679a1 1136934
zabbix-proxy-sqlite3-dbgsym_3.0.6+dfsg-1_amd64.deb
1f9947c0f60b895fa4eecb543d64b4818c3ceca44ad60ef96cfd10e87c0cf865 671144
zabbix-proxy-sqlite3_3.0.6+dfsg-1_amd64.deb
815b162e04c8ed24c23f0f06e603b450df72f80bc70ac0cd849a858936297476 1264300
zabbix-server-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
5e74a3fd5b0bb4932c8fa0efad425eeab46922b51dd9f1fab539b5d57590b61f 1864234
zabbix-server-mysql_3.0.6+dfsg-1_amd64.deb
ab8771eb73e433b59ea4cf7e58f75495042f765086c29e5a81d33af6b734b39f 1265630
zabbix-server-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
b7a58e20a3f2f1e41cf0cfa8ced9504dffd53313cef2cc319c21e974a79dc233 1864522
zabbix-server-pgsql_3.0.6+dfsg-1_amd64.deb
584565e4cc9d06628fb992c5876b7e0156d7ed83c69e6e7702ee69488621dead 16038
zabbix_3.0.6+dfsg-1_amd64.buildinfo
Files:
e5670751fd91b27c574d568abc71c3ef 2893 net optional zabbix_3.0.6+dfsg-1.dsc
d13ad2b9c6fd4acc6a3ca1f149984327 5943880 net optional
zabbix_3.0.6+dfsg.orig.tar.xz
ca13f521ff2042c1c0f25de37df701d6 190460 net optional
zabbix_3.0.6+dfsg-1.debian.tar.xz
8b7ffc27830dfc35662a4363fe7c48ad 536476 debug extra
zabbix-agent-dbgsym_3.0.6+dfsg-1_amd64.deb
ea32a9d94d62e56c0b13a5bf9db93263 398482 net optional
zabbix-agent_3.0.6+dfsg-1_amd64.deb
65ded924563c48119a2d76dc0035eb63 1942504 net optional
zabbix-frontend-php_3.0.6+dfsg-1_all.deb
1b133afc0cac2ea119fcec44d98ba3fc 241518 net optional
zabbix-java-gateway_3.0.6+dfsg-1_all.deb
95d68059b9e74e6dede2b2496a945bf6 1174466 debug extra
zabbix-proxy-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
aff232d169568f3b2d93b6c771d3fd48 685884 net optional
zabbix-proxy-mysql_3.0.6+dfsg-1_amd64.deb
a2485c2790d97a623c8ae3f4f99e0ebd 1173350 debug extra
zabbix-proxy-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
13390c6a78ae4cfa7169bd7c2edb9ead 686060 net optional
zabbix-proxy-pgsql_3.0.6+dfsg-1_amd64.deb
5620018b7d6907c69e4aca24ea2b068f 1136934 debug extra
zabbix-proxy-sqlite3-dbgsym_3.0.6+dfsg-1_amd64.deb
66fb30829f8bf49df0f09a166da48bc0 671144 net optional
zabbix-proxy-sqlite3_3.0.6+dfsg-1_amd64.deb
0e12b58f4902010de03c5e846613d611 1264300 debug extra
zabbix-server-mysql-dbgsym_3.0.6+dfsg-1_amd64.deb
759abc5b0551bf5992054eb9f9261764 1864234 net optional
zabbix-server-mysql_3.0.6+dfsg-1_amd64.deb
0b04fdf4cb0b42d7347b75fc2a3c848a 1265630 debug extra
zabbix-server-pgsql-dbgsym_3.0.6+dfsg-1_amd64.deb
ed5d6ddaa894d348b8e581deb4c8c011 1864522 net optional
zabbix-server-pgsql_3.0.6+dfsg-1_amd64.deb
a9bfdb9c282fb2db2e448332c34dbce3 16038 net optional
zabbix_3.0.6+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEULx8+TnSDCcqawZWUra72VOWjRsFAlhLYpkACgkQUra72VOW
jRuBow/+KuRvnD4yqb11Grma/0BkNPvbu3JUf8s+E9FLMQFWQbYlloX4so4XOIgQ
5l2zEhDzIapr+dP0Zxx7lK9D5baK5scxhBvClVnAfiKgfIiyd03IDd7T0dEp9iS0
cr/NHG5YEYsYYliwS0zFTlRNMSJU5C6SKr3PH6bsbB4iNApB5ynHeCG0IKC3GZJ0
hA6mjMUGC8priRHDlM+0v+2ZoW/NF5mzoB2XFvSuDkZMQB9pmBbLJ5Ehmcq6jKzc
Zyh+cAoMjrS2LL7UUmy0b7EwO7bXnVvAJFpFaav2lgUlb8Wa3pLQVyB7d5u2nFqo
nlkddknpMdtNwgZAygDCUjE00T5pTGfCCKxTDcAW/uRc2QInh2lvYvfYOHw7G4lb
J/4ne2Up4gvKvHmnsShrPARPtFcfz1REc0mF9COYp1T8fy0RB1xvSLXcCSxjyB1x
7vb6ARpIUrrALZUZ3JSAIJZ5w4OU2RwxpH8iIIusHIVBevKs7l9Hrk8DmvdHrmdQ
30leIGxcOCN2FEzNDb0Z5eVu4KodIiPmHUBeYT9I3QCeGihQc0opIgcTPhMnu3US
Uj7cRSMlj+t5SfWaYmw/+OlXmBju3FJNI4UUPs/1n5hxhJ9Qp+5qtXUK/6DLZlYe
oIJdwxDpQdADbDTN3KETsA0msoovi4U3ld24Ls9dTNtB7SRHKQA=
=qsYb
-----END PGP SIGNATURE-----
--- End Message ---
