From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 14 17:33:56 2021 Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:33:56 +0000 Received: from localhost ([127.0.0.1]:34326 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYN2-0002u5-4p for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:33:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:45696) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYN0-0002tx-7q for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:33:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55408) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYMz-0004kv-0C for bug-guix@gnu.org; Sun, 14 Mar 2021 17:33:53 -0400 Received: from world.peace.net ([64.112.178.59]:55700) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYMv-00025n-UD for bug-guix@gnu.org; Sun, 14 Mar 2021 17:33:52 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lLYMu-0000vM-Cy; Sun, 14 Mar 2021 17:33:48 -0400 From: Mark H Weaver To: bug-guix@gnu.org Subject: Zabbix packages vulnerable to CVE-2021-27927 References: <023956d907028d228057db658970dd5075440ad7.camel@zaclys.net> Date: Sun, 14 Mar 2021 17:32:18 -0400 Message-ID: <87ft0xs9oi.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: =?utf-8?Q?L=C3=A9o?= Le Bouter X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. Mark -------------------- Start of forwarded message -------------------- Subject: Zabbix packages vulnerable to CVE-2021-27927 From: L=C3=A9o Le Bouter To: guix-devel@gnu.org Date: Wed, 03 Mar 2021 21:08:54 +0100 --=-=-= Content-Type: multipart/signed; boundary="==-=-=" --==-=-= Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Would be nice to update, it's a CSRF so not very high severity but still. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27927 --==-=-= Content-Type: application/pgp-signature; name=signature.asc Content-Transfer-Encoding: base64 Content-Description: This is a digitally signed message part LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4 YXgzZzZSUmFpeDZHdk5FS1lGQW1BLzdOWUFDZ2tRUmFpeDZHdk4KRUtiLzRCQUFqdmZrR0RHbVdz R0RIWDBHZG5qTGVkeVBpK3NMNDU0QWIwcytxQXJJblpQOWE5ZWY2NlM3MERNawpQYk1uZ2JuNi8v QktHNkRuUVhXQ0Ribk5wdnZCQzlNbW9kZHN3SCtWRERNWlN0am1lZlJBcGJ4ODVBTlk1SkNFCmJS bmowOVZYdEJqcGNxWjJNNGFUTW1zS2dzcFdseDZjYkhsWFkvdGRnc2F5TVd2TDBJZHpnR2NlRzhj RGozYmkKM3N6eElvOGdpb0d5TmxKV2RnN1d4ZGR1R0FTUm9yOG1zSTVkZSsrYmJaclhwSUdWZXE2 TWhRUHpQYkJOUDR4NwpmSmlFRlJjd1ZIempUckx2SndxdzNpTUJaRllSTGphKytSOCtBVmhSNDly SWZqV1lmUEsyRi9OdWU2Q1V5SGlsClcvNjNKNWthVjZKdXRpck5oSHN6cE9GZ05yUktPMU1QdUps aGtKbkxaTTVRakNySVhJclZ4TGo3U1kvaVZhWGUKaGRvZi94K1Fsbi95OVFYMUFVd3h2SXhscmUw dVMyeEZua3NFRlU1aU53bnJORzVtem1OM2ZuTHM0NEl1SGxkSQpLKzNZZUM2YXRMOWhkVHV3SzNy aG1MZFRBc080ek1PaTgrSm9SOERnUU1ubUhyV1FNcnlKQ1B4RTFjTEd3YktMCmxVcmFkeUcrVEtv Ky85SFNjR3k5VXd4STdmK3FZYURnczZkVG81TGl4WWQ1ejlTTXN4TkxFV1NudjJ4TnBzdDcKUTBQ M201Y1FzY1RyMW9ZZjZCL1A5bUJHK2ZyMGFVN2Iva1d3V0F0MnZYdWNQa1N5cGdReE1CcEhyUFRk S2F3RgpBMDljRFZBU1pKVnF2ZW1rcnh2VDdnMkRjZ1NDQzZ3RzB0MjhYSXluQ3NYNVcvSkNqNlE9 Cj1xczByCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --==-=-=-- --=-=-= Content-Type: text/plain -------------------- End of forwarded message -------------------- --=-=-=--