[3.5] zoneminder: Multiple vulnerabilities (CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140)
CVE-2017-5595: File disclosure due to unfiltered user input
Affects v1.30 and v1.29
References:
http://seclists.org/bugtraq/2017/Feb/6
Patch:
https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
CVE-2017-5367: Multiple Cross Site Scripting Vulnerabilities
Affects v1.30 and v1.29
Reference:
http://seclists.org/bugtraq/2017/Feb/6
CVE-2017-5368: Cross Site Request Forgery Vulnerability
Affects v1.30 and v1.29
Reference:
http://seclists.org/bugtraq/2017/Feb/6
CVE-2016-10140: Auth bypass and Info disclosure
Affects v1.30 and v1.29
References:
http://seclists.org/bugtraq/2017/Feb/6
Patch:
https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba
(from redmine: issue id 6913, created on 2017-02-23, closed on 2017-04-18)
- Changesets:
- Revision 5aeeee93 by Kaarle Ritvanen on 2017-02-24T08:27:37Z:
community/zoneminder: security upgrade to 1.30.2
ref #6913
- Revision 0e9fcb21 by Kaarle Ritvanen on 2017-04-15T21:47:34Z:
community/zoneminder: upstream redefined 1.30.2 tag
fixes #6913
- Revision 70721263 by Kaarle Ritvanen on 2017-04-15T22:15:07Z:
community/zoneminder: upstream redefined 1.30.2 tag
fixes #6913