Summary: | <net-analyzer/zabbix-{2.2.13,3.0.3}: mysql.size shell command injection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alicef, mattm, patrick |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/05/04/13 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-05-09 10:05:36 UTC
The first fixed 2.2.x version is v2.2.13 which already landed in the repository: https://gitweb.gentoo.org/repo/gentoo.git/commit/net-analyzer/zabbix?id=99ea38fda5baaac417f7415a271416620f9b060f The first fixed 3.0.x version is v3.0.3 which already landed in the repository: https://gitweb.gentoo.org/repo/gentoo.git/commit/net-analyzer/zabbix?id=56cbd8ee0fa157146ecac818080fcbf6f9f10af7 @ Maintainer(s): Please tell us how to proceed. Which v2.x and which v3.x version can be stabilized? All done. =net-analyzer/zabbix-2.2.15 is the current stable version in tree, no vulnerable version left. New GLSA created. This issue was resolved and addressed in GLSA 201612-42 at https://security.gentoo.org/glsa/201612-42 by GLSA coordinator Aaron Bauman (b-man). |