Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu
Tags: squeeze

Dear release team,

I'd like to deliver several security fixes to Zabbix in Squeeze.
(Security team advised to proceed through OPU "since the oldstable
point update happens very soon anyway and we have many other open
issues with higher priority").

Below is a new changelog section, full diff is attached.

Thank you.

~~~~
zabbix (1:1.8.2-1squeeze5) oldstable-proposed-updates; urgency=high

  * CVE-2013-5743: fixed SQL injection vulnerability.
  * CVE-2011-3263: prevent zabbix_agentd DoS attack with vfs.file.cksum.
  * CVE-2011-3265/CVE-2011-3264: fixed possible path disclosure.
  * CVE-2011-3265: added pop up field name parameter validation.
  * CVE-2013-1364: fixed the ability to override LDAP configuration when
    calling user.login via API (Closes: #698541).
  * Refreshed "no-swf-clock" patch.

 -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 08 Oct 2013 12:49:19 +1100
~~~~
--
Best wishes,
Dmitry Smirnov
GPG key : 4096R/53968D1B
Attachment:
zabbix_1.8.2-1squeeze5.diff.xz
Description: application/xz