[Git][security-tracker-team/security-tracker][master] some zoneminder issues fixed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 3 10:46:07 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
659ba0ac by Moritz Muehlenhoff at 2021-09-03T11:45:35+02:00
some zoneminder issues fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -164994,20 +164994,26 @@ CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.ph
 	- zoneminder <unfixed> (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
 CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...)
-	- zoneminder <unfixed> (unimportant; bug #922724)
+	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2422
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a6e54d60d3a8f297cc5f2ef6a862f6f00d746e
 CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...)
 	- zoneminder <unfixed> (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
 CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...)
-	- zoneminder <unfixed> (unimportant; bug #922724)
+	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34e2e4799364639483f93cff70204618b834f7a2
+	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2423
 CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...)
 	- zoneminder <unfixed> (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
 CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...)
-	- zoneminder <unfixed> (unimportant; bug #922724)
+	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/02fd1e79b3bfa5b2e2087cb1255f9dbd921ccae8
+	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2421
 CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...)
 	- zoneminder <unfixed> (unimportant; bug #922724)
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
@@ -167802,9 +167808,10 @@ CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder thr
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
 CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
-	- zoneminder <unfixed> (unimportant; bug #922724)
+	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
 	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+	NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
 CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
 	- zoneminder 1.34.6-1 (unimportant; bug #922724)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2446



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659ba0ac453639147290cfcbdb57f4366be3e276

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659ba0ac453639147290cfcbdb57f4366be3e276
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210903/64f1a724/attachment.htm>

More information about the debian-security-tracker-commits mailing list