Debian Package Tracker

general

source: zabbix (main)
version: 1:4.0.11+dfsg-1
maintainer: Dmitry Smirnov (DMD)
uploaders: Christoph Haas [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:2.2.7+dfsg-2+deb8u3
o-o-sec: 1:2.2.23+dfsg-0+deb8u1
oldstable: 1:3.0.7+dfsg-3
old-bpo: 1:4.0.3+dfsg-2~bpo9+1
stable: 1:4.0.4+dfsg-1
testing: 1:4.0.11+dfsg-1
unstable: 1:4.0.11+dfsg-1

versioned links

1:2.2.7+dfsg-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:2.2.23+dfsg-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.0.7+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.0.3+dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.0.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.0.11+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

zabbix-agent (2 bugs: 0, 1, 1, 0)
zabbix-frontend-php (3 bugs: 0, 2, 1, 0)
zabbix-java-gateway
zabbix-proxy-mysql (1 bugs: 0, 0, 1, 0)
zabbix-proxy-pgsql
zabbix-proxy-sqlite3
zabbix-server-mysql (2 bugs: 0, 0, 2, 0)
zabbix-server-pgsql

action needed

A new upstream version is available: 4.2.6 high

A new upstream version 4.2.6 is available, you should consider packaging it.

Created: 2019-02-22 Last update: 2019-09-16 22:15

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

Please fix them.

Created: 2019-07-07 Last update: 2019-09-14 00:07

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

Please fix them.

Created: 2018-04-19 Last update: 2019-09-14 00:07

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-09-11 Last update: 2019-09-17 02:47

Depends on packages which need a new maintainer normal

The packages that zabbix depends on which need a new maintainer are:

apache2 (#910917)
- Build-Depends: apache2-dev
- Recommends: apache2
prototypejs (#863697)
- Build-Depends: libjs-prototype
snmp-mibs-downloader (#878723)
- Suggests: snmp-mibs-downloader snmp-mibs-downloader

Created: 2017-12-02 Last update: 2019-09-17 01:07

lintian reports 15 warnings normal

Lintian reports 15 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-26 Last update: 2019-09-03 00:55

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

Please fix them.

Created: 2018-04-19 Last update: 2019-09-14 00:07

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Please fix it.

Created: 2019-08-18 Last update: 2019-09-14 00:07

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
CVE-2016-10742: Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

Please fix them.

Created: 2018-04-13 Last update: 2019-09-14 00:07

testing migrations

This package will soon be part of the auto-libevent transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-09-04] zabbix 1:4.0.11+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-08-30] Accepted zabbix 1:4.0.11+dfsg-1 (source) into unstable (Dmitry Smirnov)
[2019-03-11] Accepted zabbix 1:2.2.23+dfsg-0+deb8u1 (source amd64 all) into oldstable (Markus Koschany)
[2019-02-11] zabbix 1:4.0.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted zabbix 1:4.0.4+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2019-01-22] zabbix 1:4.0.3+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-01-22] Accepted zabbix 1:4.0.3+dfsg-2~bpo9+1 (source amd64 all) into stretch-backports (Dmitry Smirnov)
[2019-01-17] Accepted zabbix 1:4.0.3+dfsg-2 (source amd64 all) into unstable (Dmitry Smirnov)
[2018-12-31] zabbix 1:4.0.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-24] Accepted zabbix 1:4.0.3+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2018-12-17] zabbix 1:4.0.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-06] Accepted zabbix 1:4.0.2+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2018-11-06] zabbix 1:4.0.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-11-01] Accepted zabbix 1:4.0.1+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2018-10-08] zabbix 1:4.0.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-10-03] Accepted zabbix 1:4.0.0+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2018-05-29] Accepted zabbix 1:3.0.17+dfsg-1~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Dmitry Smirnov)
[2018-05-21] zabbix 1:3.0.17+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-05-14] Accepted zabbix 1:3.0.17+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2017-11-27] zabbix 1:3.0.12+dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-11-15] zabbix REMOVED from testing (Debian testing watch)
[2017-10-29] Accepted zabbix 1:3.0.12+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)
[2017-08-12] Accepted zabbix 1:2.2.7+dfsg-2+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-06-06] zabbix 1:3.0.7+dfsg-3 MIGRATED to testing (Debian testing watch)
[2017-06-04] Accepted zabbix 1:3.0.7+dfsg-3 (source amd64 all) into unstable (Dmitry Smirnov)
[2017-05-21] Accepted zabbix 1:3.0.7+dfsg-2 (source amd64 all) into unstable (Dmitry Smirnov)
[2017-03-09] Accepted zabbix 1:2.2.7+dfsg-2+deb8u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2017-01-16] Accepted zabbix 1:3.0.7+dfsg-1~bpo8+1 (source amd64 all) into jessie-backports (Dmitry Smirnov)
[2017-01-10] zabbix 1:3.0.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-12-31] Accepted zabbix 1:3.0.7+dfsg-1 (source amd64 all) into unstable (Dmitry Smirnov)

bugs [bug history graph]

all: 11
RC: 0
I&N: 4
M&W: 7
F&P: 0
patch: 0

links

homepage
lintian (0, 15)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.0.4+dfsg-1build2
70 bugs (1 patch)