CVE-2014-1685 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1685): The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Zabbix 2.0.12 and 2.2.3 just added to CVS. Will wait a few days to see if any bugs are opened before requesting stabilization and removing prior vulnerable stable builds. Zabbix 1.8.x is no longer in the tree and hasn't been for awhile.
I haven't seen any new bugs opened for the updated zabbix ebuilds over the last 2-3 weeks, so it is probably time to promote one of them to stable. My preference is to stabilize 2.0.12.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: no
GLSA Vote: No No GLSA needed Arches, Thank you for your work Maintainer(s), please drop the vulnerable version.
cleanup complete.
Maintainer(s), Thank you for cleanup! No GLSA - Closing Bug as Resolved