Bug#740909: Bug#753503: opu: zabbix/1:1.8.2-1squeeze6
On Tue, 2014-07-08 at 20:45 +0200, Moritz Muehlenhoff wrote:
> On Tue, Jul 08, 2014 at 07:56:59PM +0100, Adam D. Barratt wrote:
[...]
> > We've also had a request to remove zabbix from squeeze, as it won't be
> > supported in squeeze-lts (#753503). We can't do both in the same point
> > release and the upcoming one will be the final point release for
> > squeeze.
>
> If the Zabbix maintainers want to take care of Zabbix in squeeze-lts
> we can keep it. It should be noted that many more issues are unfixed
> in squeeze, so I'm still in favour of removal:
>
> CVE-2011-2904 vulnerable fixed fixed Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...
> CVE-2011-4615 vulnerable fixed fixed Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...
> CVE-2011-4674 vulnerable fixed fixed SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...
> CVE-2011-5027 vulnerable fixed fixed Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...
> CVE-2012-6086 vulnerable fixed fixed libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x ..
zabbix maintainers: ping?
Assuming you'd be willing to support the package in -lts, the window for
us possibly accepting an update for the final squeeze point release
closes over the upcoming weekend, so we'll need a decision soon.
Regards,
Adam
Reply to: