Your message dated Thu, 24 Jan 2013 02:48:01 +0000
with message-id <e1tycrb-0004up...@franck.debian.org>
and subject line Bug#698541: fixed in zabbix 1:2.0.4+dfsg-2
has caused the Debian Bug report #698541,
regarding zabbix: CVE-2013-1364: possible to override LDAP configuration
parameters via the API
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
698541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zabbix
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following vulnerability was published for zabbix.
CVE-2013-1364[0]:
possible to override LDAP configuration parameters via the API
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-1364
Please adjust the affected versions in the BTS as needed.
Patches are available on the upstream BTS[1].
[1] https://support.zabbix.com/browse/ZBX-6097
Could you check if the Debian package is affected, and in that case also
adjust the severity.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: zabbix
Source-Version: 1:2.0.4+dfsg-2
We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@member.fsf.org> (supplier of updated zabbix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Sun, 20 Jan 2013 20:01:39 +1100
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-proxy-mysql zabbix-proxy-pgsql
zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.0.4+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Christoph Haas <h...@debian.org>
Changed-By: Dmitry Smirnov <only...@member.fsf.org>
Description:
zabbix-agent - network monitoring solution - agent
zabbix-frontend-php - network monitoring solution - PHP front-end
zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
zabbix-server-mysql - network monitoring solution - server (using MySQL)
zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 698541
Changes:
zabbix (1:2.0.4+dfsg-2) unstable; urgency=low
.
* CVE-2013-1364: fixed the ability to override LDAP configuration when
calling user.login via API (Closes: #698541).
* Updated VCS links.
* Minor copyright years update.
--- End Message ---