Your message dated Sun, 06 Aug 2017 20:40:09 -0400 with message-id <1502066409.4042469.1065047896.1dfcf...@webmail.messagingengine.com> and subject line Re: zoneminder: CVE-2016-10140 has caused the Debian Bug report #851710, regarding zoneminder: CVE-2016-10140 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 851710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851710 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: zoneminder Version: 1.30.0+dfsg-2 Severity: important Tags: security upstream patch Hi, the following vulnerability was published for zoneminder. CVE-2016-10140[0]: | Information disclosure and authentication bypass vulnerability exists | in the Apache HTTP Server configuration bundled with ZoneMinder | v1.30.0, which allows a remote unauthenticated attacker to browse all | directories in the web root, e.g., a remote unauthenticated attacker | can view all CCTV images on the server. The package then installs respectively /etc/apache2/conf-available/zoneminder.conf with the problematic settings. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10140 [1] https://github.com/ZoneMinder/ZoneMinder/pull/1697 [2] https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63 [3] https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4 Regards, Salvatore
--- End Message ---
--- Begin Message ---Version: 1.30.4+dfsg-1 Hi, | Information disclosure and authentication bypass vulnerability exists | in the Apache HTTP Server configuration bundled with ZoneMinder | v1.30.0, which allows a remote unauthenticated attacker to browse all | directories in the web root, e.g., a remote unauthenticated attacker | can view all CCTV images on the server. Fix included in 1.30.4+dfsg-1 via upstream. Regards, -- ,''`. : :' : Chris Lamb, Debian Project Leader `. `'` [email protected] / chris-lamb.co.uk `-
--- End Message ---

