Debian Bug report logs - #697443
zabbix: CVE-2012-6086: insecure curl usage

Package: zabbix; Maintainer for zabbix is Christoph Haas <>;

Reported by: Henri Salo <>

Date: Sat, 5 Jan 2013 13:06:04 UTC

Severity: important

Tags: security

Found in version 1:2.0.2+dfsg-4

Fixed in version zabbix/1:2.0.7+dfsg-1

Done: Dmitry Smirnov <>

Bug is archived. No further changes may be made.

Forwarded to

Report forwarded to, Christoph Haas <>:
Bug#697443; Package zabbix. (Sat, 05 Jan 2013 13:06:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henri Salo <>:
New Bug report received and forwarded. Copy sent to Christoph Haas <>. (Sat, 05 Jan 2013 13:06:07 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Henri Salo <>
Subject: zabbix: CVE-2012-6086: insecure curl usage
Date: Sat, 5 Jan 2013 15:03:48 +0200
Package: zabbix
Version: 1:2.0.2+dfsg-4
Severity: important
Tags: security

Please see:

zabbix-2.0.2/src/libs/zbxmedia/eztexting.c is still using curl in an insecure way.

- Henri Salo

Set Bug forwarded-to-address to ''. Request was from Dmitry Smirnov <> to (Sun, 06 Jan 2013 01:03:05 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Dmitry Smirnov <> to (Sat, 03 Aug 2013 08:39:04 GMT) Full text and rfc822 format available.

Message sent on to Henri Salo <>:
Bug#697443. (Sat, 03 Aug 2013 08:39:14 GMT) Full text and rfc822 format available.

Message #12 received at (full text, mbox):

From: Dmitry Smirnov <>
Subject: Bug#697443 tagged as pending
Date: Sat, 03 Aug 2013 08:35:06 +0000
tag 697443 pending

We believe that the bug #697443 you reported has been fixed in the Git
repository. You can see the commit message below and/or inspect the
commit contents at:;a=commitdiff;h=2955bce

(This message was generated automatically by
 'git-post-receive-tag-pending-commitmsg' hook).
commit 2955bce (HEAD, master)
Author: Dmitry Smirnov <>
Date:   Sat Aug 3 08:23:17 2013

    New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).

Reply sent to Dmitry Smirnov <>:
You have taken responsibility. (Sat, 03 Aug 2013 17:06:05 GMT) Full text and rfc822 format available.

Notification sent to Henri Salo <>:
Bug acknowledged by developer. (Sat, 03 Aug 2013 17:06:06 GMT) Full text and rfc822 format available.

Message #17 received at (full text, mbox):

From: Dmitry Smirnov <>
Subject: Bug#697443: fixed in zabbix 1:2.0.7+dfsg-1
Date: Sat, 03 Aug 2013 17:04:59 +0000
Source: zabbix
Source-Version: 1:2.0.7+dfsg-1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Dmitry Smirnov <> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.8
Date: Sat, 03 Aug 2013 18:53:28 +1000
Source: zabbix
Binary: zabbix-agent zabbix-frontend-php zabbix-proxy-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql
Architecture: source amd64 all
Version: 1:2.0.7+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Christoph Haas <>
Changed-By: Dmitry Smirnov <>
 zabbix-agent - network monitoring solution - agent
 zabbix-frontend-php - network monitoring solution - PHP front-end
 zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL)
 zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL)
 zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3)
 zabbix-server-mysql - network monitoring solution - server (using MySQL)
 zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 697443 718246
 zabbix (1:2.0.7+dfsg-1) unstable; urgency=low
   * New upstream release [July 2013].
   * New "ZBX-5924.patch" to fix CVE-2012-6086 (Closes: #697443).
   * Fixed proxy restart issue by adding PidFile to "zabbix_proxy.conf"
     (Closes: #718246).

Bug archived. Request was from Debbugs Internal Request <> to (Mon, 30 Sep 2013 07:31:20 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <>. Last modified: Thu Apr 24 08:04:35 2014; Machine Name:
