
Bug#740909: Bug#753503: opu: zabbix/1:1.8.2-1squeeze6



On Tue, 2014-07-08 at 20:45 +0200, Moritz Muehlenhoff wrote:
> On Tue, Jul 08, 2014 at 07:56:59PM +0100, Adam D. Barratt wrote:
[...]
> > We've also had a request to remove zabbix from squeeze, as it won't be
> > supported in squeeze-lts (#753503). We can't do both in the same point
> > release and the upcoming one will be the final point release for
> > squeeze.
> 
> If the Zabbix maintainers want to take care of Zabbix in squeeze-lts
> we can keep it. It should be noted that many more issues are unfixed
> in squeeze, so I'm still in favour of removal:
> 
> CVE-2011-2904	vulnerable	fixed	fixed	Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...
> CVE-2011-4615	vulnerable	fixed	fixed	Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...
> CVE-2011-4674	vulnerable	fixed	fixed	SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...
> CVE-2011-5027	vulnerable	fixed	fixed	Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...
> CVE-2012-6086	vulnerable	fixed	fixed	libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x ..

zabbix maintainers: ping?

Assuming you'd be willing to support the package in -lts, the window for
us possibly accepting an update for the final squeeze point release
closes over the upcoming weekend, so we'll need a decision soon.

Regards,

Adam

