From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id mVPuM8mCTmAXKwAA0tVLHw (envelope-from ) for ; Sun, 14 Mar 2021 21:40:25 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id +GgpL8mCTmBDaQAA1q6Kng (envelope-from ) for ; Sun, 14 Mar 2021 21:40:25 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 287341FD10 for ; Sun, 14 Mar 2021 22:40:25 +0100 (CET) Received: from localhost ([::1]:34716 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lLYTG-0004E1-IW for larch@yhetil.org; Sun, 14 Mar 2021 17:40:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55412) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYN9-0004p0-0y for bug-guix@gnu.org; Sun, 14 Mar 2021 17:34:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:51013) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lLYN8-0002Al-Pr for bug-guix@gnu.org; Sun, 14 Mar 2021 17:34:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lLYN8-0002uS-Nh for bug-guix@gnu.org; Sun, 14 Mar 2021 17:34:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#47141: Zabbix packages vulnerable to CVE-2021-27927 Resent-From: Mark H Weaver Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 14 Mar 2021 21:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 47141 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 47141@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161575763611169 (code B ref -1); Sun, 14 Mar 2021 21:34:02 +0000 Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:33:56 +0000 Received: from localhost ([127.0.0.1]:34326 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYN2-0002u5-4p for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:33:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:45696) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYN0-0002tx-7q for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:33:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55408) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYMz-0004kv-0C for bug-guix@gnu.org; Sun, 14 Mar 2021 17:33:53 -0400 Received: from world.peace.net ([64.112.178.59]:55700) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYMv-00025n-UD for bug-guix@gnu.org; Sun, 14 Mar 2021 17:33:52 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lLYMu-0000vM-Cy; Sun, 14 Mar 2021 17:33:48 -0400 From: Mark H Weaver References: <023956d907028d228057db658970dd5075440ad7.camel@zaclys.net> Date: Sun, 14 Mar 2021 17:32:18 -0400 Message-ID: <87ft0xs9oi.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615758025; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=MyE0F+kcDckcMVTF+X+f7PEBXnhIYyrTBW45IMv/aS8=; b=sAqmOoBVKQDoQ3r2k3YualzC+/TFVtMkfwaajlseoSagPD4rKvt02hd0JA5aZnLzyTlKdj vYjGzo5aIf6epYQwk5gwC606rTpiefhblBzLdDPyPMndt9sgzAD+f4EGZenkYfPR0jd1bJ og3bC/vXgzffjB79Oz0bXcBCeADAk5bAed9sSxyI4kkMWxjyIIibMwoR+SqX3jup3Prkm2 ikoI59qE23OG0Dq+ZuEXe3SuOTr41iOH1xhRX5KIt6s5PkjqXC9ID0ypWNJGPLM+v+0/+u JplBSl5wCKPM2n68IIRMbj5Foi53HXy2OTjwpj9D8lHYZ/hEJ/dvN+5jlWswOA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615758025; a=rsa-sha256; cv=none; b=u4rj+sZ15cgzvUJzSJ4S/EZJCGfI4sAjkDmZVsZ4eztIdiKTSZL/QzCC7RkwlR59UKqI4r QS2ePLsePh7KLIVa7tFtFGnRgI1Cj3Tla54KHbv+uv4XKSUBPtNa9yI9VFuhhu9cknXKWp dCThYZcaaAiTnPqE599VY0doNsKFbjFTjVjQbs0O23rmG+cVthqT+I5aGhJvn2H7pbB/Uc wFwbhlXgEu6k/O6pMqQxdlaLVAVQMh0v4gn3tLA4DEjD/Jx7d+xskg6jupC+6lHze3l2wp u60ifGUSGeobU645uV/IEozATuT3hRb0D1SjsqR4sxqe440uex5zbUvBspYYJQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -4.50 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 287341FD10 X-Spam-Score: -4.50 X-Migadu-Scanner: scn0.migadu.com X-TUID: hQgujYTm4GOP --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. Mark -------------------- Start of forwarded message -------------------- Subject: Zabbix packages vulnerable to CVE-2021-27927 From: L=C3=A9o Le Bouter To: guix-devel@gnu.org Date: Wed, 03 Mar 2021 21:08:54 +0100 --=-=-= Content-Type: multipart/signed; boundary="==-=-=" --==-=-= Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Would be nice to update, it's a CSRF so not very high severity but still. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27927 --==-=-= Content-Type: application/pgp-signature; name=signature.asc Content-Transfer-Encoding: base64 Content-Description: This is a digitally signed message part LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4 YXgzZzZSUmFpeDZHdk5FS1lGQW1BLzdOWUFDZ2tRUmFpeDZHdk4KRUtiLzRCQUFqdmZrR0RHbVdz R0RIWDBHZG5qTGVkeVBpK3NMNDU0QWIwcytxQXJJblpQOWE5ZWY2NlM3MERNawpQYk1uZ2JuNi8v QktHNkRuUVhXQ0Ribk5wdnZCQzlNbW9kZHN3SCtWRERNWlN0am1lZlJBcGJ4ODVBTlk1SkNFCmJS bmowOVZYdEJqcGNxWjJNNGFUTW1zS2dzcFdseDZjYkhsWFkvdGRnc2F5TVd2TDBJZHpnR2NlRzhj RGozYmkKM3N6eElvOGdpb0d5TmxKV2RnN1d4ZGR1R0FTUm9yOG1zSTVkZSsrYmJaclhwSUdWZXE2 TWhRUHpQYkJOUDR4NwpmSmlFRlJjd1ZIempUckx2SndxdzNpTUJaRllSTGphKytSOCtBVmhSNDly SWZqV1lmUEsyRi9OdWU2Q1V5SGlsClcvNjNKNWthVjZKdXRpck5oSHN6cE9GZ05yUktPMU1QdUps aGtKbkxaTTVRakNySVhJclZ4TGo3U1kvaVZhWGUKaGRvZi94K1Fsbi95OVFYMUFVd3h2SXhscmUw dVMyeEZua3NFRlU1aU53bnJORzVtem1OM2ZuTHM0NEl1SGxkSQpLKzNZZUM2YXRMOWhkVHV3SzNy aG1MZFRBc080ek1PaTgrSm9SOERnUU1ubUhyV1FNcnlKQ1B4RTFjTEd3YktMCmxVcmFkeUcrVEtv Ky85SFNjR3k5VXd4STdmK3FZYURnczZkVG81TGl4WWQ1ejlTTXN4TkxFV1NudjJ4TnBzdDcKUTBQ M201Y1FzY1RyMW9ZZjZCL1A5bUJHK2ZyMGFVN2Iva1d3V0F0MnZYdWNQa1N5cGdReE1CcEhyUFRk S2F3RgpBMDljRFZBU1pKVnF2ZW1rcnh2VDdnMkRjZ1NDQzZ3RzB0MjhYSXluQ3NYNVcvSkNqNlE9 Cj1xczByCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --==-=-=-- --=-=-= Content-Type: text/plain -------------------- End of forwarded message -------------------- --=-=-=--