Bug 163691 - [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
Summary: [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Chris Rees
Reported: 2011-12-29 06:40 UTC by Pavel Timofeev
Modified: 2011-12-30 19:40 UTC
0 users

Description Pavel Timofeev 2011-12-29 06:40:06 UTC
The current zabbix ports version is vulnerable.
Please update it to the latest release http://www.zabbix.com/rn1.8.10.php.
See '[ZBX-4015] fixed multiple XSS issues' PR.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-12-29 11:00:28 UTC
Maintainer of net-mgmt/zabbix-server,

Please note that PR ports/163691 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163691

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2011-12-29 11:00:32 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 dfilter service freebsd_committer freebsd_triage 2011-12-29 11:19:43 UTC
crees       2011-12-29 11:19:26 UTC

  FreeBSD ports repository

  Modified files:
    net-mgmt/zabbix-frontend Makefile 
  Log:
  Mark FORBIDDEN; multiple XSS vulnerabilities
  
  PR:             ports/163691
  Submitted by:   Pavel Timofeev <timp87@gmail.com>
  Obtained from:  https://support.zabbix.com/browse/ZBX-4015
  Security:       ZBX-4015
  
  Revision  Changes    Path
  1.5       +2 -0      ports/net-mgmt/zabbix-frontend/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer freebsd_triage 2011-12-29 13:04:37 UTC
crees       2011-12-29 13:04:24 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Document XSS vulnerability in net-mgmt/zabbix-frontend
  
  PR:             ports/163691
  Obtained from:  https://support.zabbix.com/browse/ZBX-4015
  Security:       ZBX-4015
  
  Revision  Changes    Path
  1.2531    +27 -1     ports/security/vuxml/vuln.xml
Comment 5 Jim Riggs 2011-12-29 13:33:40 UTC
>Submitter-Id:	current-users
>Originator:	Jim Riggs
>Organization:	
>Confidential:	no 
>Synopsis:	Re: ports/163691: [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
>Severity:	non-critical
>Priority:	low
>Category:	ports 
>Class:		maintainer-update
>Release:	FreeBSD 8.2-RELEASE amd64
>Environment:
System: FreeBSD packagebuild.peace.daveramsey.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011
>Description:
- Update to 1.8.10

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:

--- zabbix-server-1.8.10,2.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/Makefile /root/zabbix-server/Makefile
--- /usr/ports/net-mgmt/zabbix-server/Makefile	2011-10-14 20:26:34.000000000 -0500
+++ /root/zabbix-server/Makefile	2011-12-29 07:17:52.580751271 -0600
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	zabbix
-PORTVERSION=	1.8.8
+PORTVERSION=	1.8.10
 PORTEPOCH=	2
 CATEGORIES=	net-mgmt
 MASTER_SITES=	SF/zabbix/ZABBIX%20Latest%20Stable/${PORTVERSION}
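Review bot: The PORTVERSION bump from 1.8.8 to 1.8.10 is submitted with the one-line description "- Update to 1.8.10", which does not say that this release is the fix for the XSS issues tracked as ZBX-4015; please reference ZBX-4015 in the commit log so the security nature of the update is visible in the history. Nothing in this patch touches net-mgmt/zabbix-frontend/Makefile, which Comment 3 marked FORBIDDEN, so that marker has to be lifted in the same commit or the frontend stays uninstallable after the update.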
@@ -48,8 +48,6 @@
 CONFIGURE_ARGS+=	--enable-${ZABBIX_BUILD}
 
 .if ${ZABBIX_BUILD} != "agent"
-CPPFLAGS+=	-I${LOCALBASE}/include
-CONFIGURE_ENV+=	LDFLAGS="-L${LOCALBASE}/lib"
 LIB_DEPENDS=	netsnmp:${PORTSDIR}/net-mgmt/net-snmp \
 		execinfo:${PORTSDIR}/devel/libexecinfo
 
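Review bot: The removal of the CPPFLAGS+= -I${LOCALBASE}/include and CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib" lines from the non-agent branch is not mentioned in the description, which only says "Update to 1.8.10". The LIB_DEPENDS that follow (netsnmp, execinfo) are installed under LOCALBASE, so please state why these flags are no longer needed and confirm that configure still finds both libraries in the non-agent builds without them.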
diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/distinfo /root/zabbix-server/distinfo
--- /usr/ports/net-mgmt/zabbix-server/distinfo	2011-10-14 20:26:34.000000000 -0500
+++ /root/zabbix-server/distinfo	2011-12-29 07:16:16.306217215 -0600
@@ -1,2 +1,2 @@
-SHA256 (zabbix-1.8.8.tar.gz) = 25eded2536213cf1c75631f2becf46349b915dd8782698f5b2936f5abb7eeb99
-SIZE (zabbix-1.8.8.tar.gz) = 4213181
+SHA256 (zabbix-1.8.10.tar.gz) = d965d23f2ce8c7ddee7a1532863a208fae28958e3fc0871e0229ffa06f88a54b
+SIZE (zabbix-1.8.10.tar.gz) = 4217417
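Review bot: The new SHA256 and SIZE values for zabbix-1.8.10.tar.gz come from the submitter's working copy under /root/zabbix-server and cannot be verified from the patch alone. Before committing, fetch the tarball fresh from MASTER_SITES and confirm that make checksum passes against these two lines, since distinfo is the only integrity check users of the port get for the distfile.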
diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/pkg-plist.frontend /root/zabbix-server/pkg-plist.frontend
--- /usr/ports/net-mgmt/zabbix-server/pkg-plist.frontend	2011-10-14 20:26:34.000000000 -0500
+++ /root/zabbix-server/pkg-plist.frontend	2011-12-29 07:26:44.520198505 -0600
@@ -25,6 +25,7 @@
 %%WWWDIR%%/api/classes/class.cmediatype.php
 %%WWWDIR%%/api/classes/class.cproxy.php
 %%WWWDIR%%/api/classes/class.cscreen.php
+%%WWWDIR%%/api/classes/class.cscreenitem.php
 %%WWWDIR%%/api/classes/class.cscript.php
 %%WWWDIR%%/api/classes/class.ctemplate.php
 %%WWWDIR%%/api/classes/class.ctrigger.php
@@ -427,8 +428,6 @@
 %%WWWDIR%%/styles/div.css
 %%WWWDIR%%/styles/form.css
 %%WWWDIR%%/styles/ie.css
-%%WWWDIR%%/styles/ie_css_bb.css
-%%WWWDIR%%/styles/ie_css_ob.css
 %%WWWDIR%%/styles/ie_css_od.css
 %%WWWDIR%%/styles/link.css
 %%WWWDIR%%/styles/p.css
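Review bot: The plist drops styles/ie_css_bb.css and styles/ie_css_ob.css while keeping styles/ie_css_od.css, and the previous hunk adds api/classes/class.cscreenitem.php; the patch gives no way to tell whether these are the only file-list changes between 1.8.8 and 1.8.10. Please confirm the list against a clean install and deinstall of the frontend so that no files are left behind or reported missing.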
--- zabbix-server-1.8.10,2.patch ends here ---
Comment 6 Chris Rees freebsd_committer freebsd_triage 2011-12-29 13:54:49 UTC
Responsible Changed
From-To: freebsd-ports-bugs->crees

I'll take it.
Comment 7 dfilter service freebsd_committer freebsd_triage 2011-12-30 19:33:20 UTC
crees       2011-12-30 19:33:10 UTC

  FreeBSD ports repository

  Modified files:
    net-mgmt/zabbix-frontend Makefile 
    net-mgmt/zabbix-server Makefile distinfo pkg-plist.frontend 
  Log:
  - Update to 1.8.10,2
  - Deforbid zabbix-frontend
  
  PR:             ports/163691
  Submitted by:   Jim Riggs <ports@christianserving.org> (maintainer)
  
  Revision  Changes    Path
  1.6       +0 -2      ports/net-mgmt/zabbix-frontend/Makefile
  1.16      +1 -3      ports/net-mgmt/zabbix-server/Makefile
  1.8       +2 -2      ports/net-mgmt/zabbix-server/distinfo
  1.7       +2 -3      ports/net-mgmt/zabbix-server/pkg-plist.frontend
Comment 8 Chris Rees freebsd_committer freebsd_triage 2011-12-30 19:33:43 UTC
State Changed
From-To: feedback->closed

Update committed.  Pavel, thanks for the heads-up, and Jim, thanks for 
the seriously fast update!