Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu
Tags: squeeze

Dear release team,

I'd like to deliver several security fixes to Zabbix in Squeeze.
(Security team advised to proceed through OPU "since the oldstable point update happens very soon anyway and we have many other open issues with higher priority").

Below is a new changelog section, full diff is attached.

Thank you.

~~~~
zabbix (1:1.8.2-1squeeze5) oldstable-proposed-updates; urgency=high

  * CVE-2013-5743: fixed SQL injection vulnerability.
  * CVE-2011-3263: prevent zabbix_agentd DoS attack with vfs.file.cksum.
  * CVE-2011-3265/CVE-2011-3264: fixed possible path disclosure.
  * CVE-2011-3265: added pop up field name parameter validation.
  * CVE-2013-1364: fixed the ability to override LDAP configuration when
    calling user.login via API (Closes: #698541).
  * Refreshed "no-swf-clock" patch.

 -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 08 Oct 2013 12:49:19 +1100
~~~~

--
Best wishes,
 Dmitry Smirnov
 GPG key : 4096R/53968D1B
Attachment:
zabbix_1.8.2-1squeeze5.diff.xz
Description: application/xz