[Secure-testing-team] Bug#698541: zabbix: CVE-2013-1364: possible to override LDAP configuration parameters via the API

Salvatore Bonaccorso carnil at debian.org
Sun Jan 20 07:24:44 UTC 2013


Package: zabbix
Severity: grave
Tags: security
Justification: user security hole

Hi,

the following vulnerability was published for zabbix.

CVE-2013-1364[0]:
possible to override LDAP configuration parameters via the API

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-1364

Please adjust the affected versions in the BTS as needed.

Patches are available on the upstream BTS[1].

[1] https://support.zabbix.com/browse/ZBX-6097

Could you check if the Debian package is affected, and in that case also
adjust the severity.

Regards,
Salvatore



