Debian Bug report logs - #697443
zabbix: CVE-2012-6086: insecure curl usage

Package: zabbix; Maintainer for zabbix is Christoph Haas <haas@debian.org>;

Reported by: Henri Salo <henri@nerv.fi>

Date: Sat, 5 Jan 2013 13:06:04 UTC

Severity: important

Tags: security

Found in version 1:2.0.2+dfsg-4

Fixed in version zabbix/1:2.0.7+dfsg-1

Done: Dmitry Smirnov <onlyjob@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://support.zabbix.com/browse/ZBX-5924


Report forwarded to debian-bugs-dist@lists.debian.org, Christoph Haas <haas@debian.org>:
Bug#697443; Package zabbix. (Sat, 05 Jan 2013 13:06:06 GMT)

Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Christoph Haas <haas@debian.org>. (Sat, 05 Jan 2013 13:06:07 GMT)

Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: zabbix: CVE-2012-6086: insecure curl usage
Date: Sat, 5 Jan 2013 15:03:48 +0200
Package: zabbix
Version: 1:2.0.2+dfsg-4
Severity: important
Tags: security

Please see: https://support.zabbix.com/browse/ZBX-5924

zabbix-2.0.2/src/libs/zbxmedia/eztexting.c is still using curl in an insecure way.

- Henri Salo



Set Bug forwarded-to-address to 'https://support.zabbix.com/browse/ZBX-5924'. Request was from Dmitry Smirnov <onlyjob@member.fsf.org> to control@bugs.debian.org. (Sun, 06 Jan 2013 01:03:05 GMT)

Added tag(s) pending. Request was from Dmitry Smirnov <onlyjob@member.fsf.org> to control@bugs.debian.org. (Sat, 03 Aug 2013 08:39:04 GMT)

Message sent on to Henri Salo <henri@nerv.fi>:
Bug#697443. (Sat, 03 Aug 2013 08:39:14 GMT)

Message #12 received at 697443-submitter@bugs.debian.org:

From: Dmitry Smirnov <onlyjob@member.fsf.org>
To: 697443-submitter@bugs.debian.org
Subject: Bug#697443 tagged as pending
Date: Sat, 03 Aug 2013 08:35:06 +0000
tag 697443 pending
--

We believe that the bug #697443 you reported has been fixed in the Git
repository. You can see the commit message below and/or inspect the
commit contents at:

    http://anonscm.debian.org/gitweb/?p=collab-maint/zabbix.git;a=commitdiff;h=2955bce

(This message was generated automatically by
 'git-post-receive-tag-pending-commitmsg' hook).
---
commit 2955bce (HEAD, master)
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date:   Sat Aug 3 08:23:17 2013

    New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).



Reply sent to Dmitry Smirnov <onlyjob@debian.org>:
You have taken responsibility. (Sat, 03 Aug 2013 17:06:05 GMT)

Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sat, 03 Aug 2013 17:06:06 GMT)

Message #17 received at 697443-close@bugs.debian.org:

From: Dmitry Smirnov <onlyjob@debian.org>
To: 697443-close@bugs.debian.org
Subject: Bug#697443: fixed in zabbix 1:2.0.7+dfsg-1
Date: Sat, 03 Aug 2013 17:04:59 +0000
Source: zabbix
Source-Version: 1:2.0.7+dfsg-1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <onlyjob@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 03 Aug 2013 18:53:28 +1000
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-proxy-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.0.7+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Christoph Haas <haas@debian.org>
Changed-By: Dmitry Smirnov <onlyjob@debian.org>
Description: 
 zabbix-agent - network monitoring solution - agent
 zabbix-frontend-php - network monitoring solution - PHP front-end
 zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
 zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
 zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
 zabbix-server-mysql - network monitoring solution - server (using MySQL)
 zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 697443 718246
Changes: 
 zabbix (1:2.0.7+dfsg-1) unstable; urgency=low
 .
   * New upstream release [July 2013].
   * New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).
   * Fixed proxy restart issue by adding PidFile to "zabbix_proxy.conf"
     (Closes: #718246).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 30 Sep 2013 07:31:20 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 08:04:35 2014; Machine Name: beach.debian.org
