On Mon, Feb 25, 2013 at 12:28:33PM +0100, Salvatore Bonaccorso wrote:
On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote:
Anything more needed for the security team? Which queue should it be
uploaded to?
Apologies for the delay. Could you also adress #700912 (CVE-2013-0332)
Hi Vagrant and Peter
On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote:
Anything more needed for the security team? Which queue should it be
uploaded to?
Apologies for the delay. Could you also adress #700912 (CVE-2013-0332)
for the stable-security update.
I think we can
Hi
(Hmm, strange I have not recieved this followup)
On Thu, Feb 14, 2013 at 11:35:31AM -0800, Vagrant Cascadian wrote:
Which allowed a shell accessible via netcat on port 1337 with the version
present in squeeze (1.24.2-8).
With a package built with the patch applied, I was not able to
On Mon, Feb 11, 2013 at 03:29:05PM -0800, Vagrant Cascadian wrote:
On Mon, Feb 11, 2013 at 11:41:13PM +0100, Moritz Mühlenhoff wrote:
On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote:
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at
Hi
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there should be authentication first. So this limits somehow
the vulnerability.
On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote:
Hi
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there
On Mon, 2013-02-11 at 23:03 +0100, Salvatore Bonaccorso wrote:
Hi
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there should
On Mon, Feb 11, 2013 at 11:41:13PM +0100, Moritz Mühlenhoff wrote:
On Mon, Feb 11, 2013 at 11:03:32PM +0100, Salvatore Bonaccorso wrote:
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
...
The patches look
Processing control commands:
tag -1 patch
Bug #698910 [src:zoneminder] zoneminder: CVE-2013-0232: arbitrary command
execution vulnerability
Added tag(s) patch.
--
698910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
Debian Bug Tracking System
Contact ow...@bugs.debian.org with
Control: tag -1 patch
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there should be authentication first. So this limits somehow
the vulnerability.
The attached patch should address the issue,
Hi James
Disclaimer: Only did a quick check.
On Sun, Feb 10, 2013 at 10:25:27AM -0500, James McCoy wrote:
Control: tag -1 patch
On Sun, Jan 27, 2013 at 05:43:13PM +0100, Salvatore Bonaccorso wrote:
Some additional information: In most usual cases where zoneminder is
set up, there should
Some additional information: In most usual cases where zoneminder is
set up, there should be authentication first. So this limits somehow
the vulnerability.
There is also a forum post on this, but still witout reply:
http://www.zoneminder.com/forums/viewtopic.php?f=29t=20771
Regards,
Source: zoneminder
Severity: grave
Tags: security
Justification: user security hole
Hi
The following arbitrary command execution vulnerability was disclosed
for zoneminder:
http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/
Regards,
13 matches
Mail list logo