From nobody@FreeBSD.org  Thu Dec 29 06:30:45 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1723B106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Dec 2011 06:30:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id DC7F38FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Dec 2011 06:30:44 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id pBT6UiOj025066
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Dec 2011 06:30:44 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id pBT6UiCh025065;
	Thu, 29 Dec 2011 06:30:44 GMT
	(envelope-from nobody)
Message-Id: <201112290630.pBT6UiCh025065@red.freebsd.org>
Date: Thu, 29 Dec 2011 06:30:44 GMT
From: Pavel Timofeev <timp87@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [vulnerable] please, update zabbix to 1.8.10
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: ports@christianserving.org

>Number:         163691
>Category:       ports
>Synopsis:       [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    crees
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 29 06:40:06 UTC 2011
>Closed-Date:    Fri Dec 30 19:33:46 UTC 2011
>Last-Modified:  Fri Dec 30 19:40:10 UTC 2011
>Originator:     Pavel Timofeev
>Release:        FreeBSD 9.0-RC3 amd64
>Organization:
>Environment:
>Description:
Current zabbix ports version is vulnerable.
Please, update it to latest release http://www.zabbix.com/rn1.8.10.php.
See '[ZBX-4015] fixed multiple XSS issues' PR.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Dec 29 11:00:32 UTC 2011 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163691 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: ports@christianserving.org
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/163691: [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
Date: Thu, 29 Dec 2011 11:00:28 UT

 Maintainer of net-mgmt/zabbix-server,
 
 Please note that PR ports/163691 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163691
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163691: commit references a PR
Date: Thu, 29 Dec 2011 11:19:43 +0000 (UTC)

 crees       2011-12-29 11:19:26 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net-mgmt/zabbix-frontend Makefile 
   Log:
   Mark FORBIDDEN; multiple XSS vulnerabilities
   
   PR:             ports/163691
   Submitted by:   Pavel Timofeev <timp87@gmail.com>
   Obtained from:  https://support.zabbix.com/browse/ZBX-4015
   Security:       ZBX-4015
   
   Revision  Changes    Path
   1.5       +2 -0      ports/net-mgmt/zabbix-frontend/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163691: commit references a PR
Date: Thu, 29 Dec 2011 13:04:37 +0000 (UTC)

 crees       2011-12-29 13:04:24 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/vuxml       vuln.xml 
   Log:
   Document XSS vulnerability in net-mgmt/zabbix-frontend
   
   PR:             ports/163691
   Obtained from:  https://support.zabbix.com/browse/ZBX-4015
   Security:       ZBX-4015
   
   Revision  Changes    Path
   1.2531    +27 -1     ports/security/vuxml/vuln.xml
 

From: Jim Riggs <ports@christianserving.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: ports/163691: [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
Date: Thu, 29 Dec 2011 07:33:40 -0600 (CST)

 >Submitter-Id:	current-users
 >Originator:	Jim Riggs
 >Organization:	
 >Confidential:	no 
 >Synopsis:	Re: ports/163691: [vulnerable] please, update net-mgmt/zabbix-server to 1.8.10
 >Severity:	non-critical
 >Priority:	low
 >Category:	ports 
 >Class:		maintainer-update
 >Release:	FreeBSD 8.2-RELEASE amd64
 >Environment:
 System: FreeBSD packagebuild.peace.daveramsey.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011
 >Description:
 - Update to 1.8.10
 
 Generated with FreeBSD Port Tools 0.99
 >How-To-Repeat:
 >Fix:
 
 --- zabbix-server-1.8.10,2.patch begins here ---
 diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/Makefile /root/zabbix-server/Makefile
 --- /usr/ports/net-mgmt/zabbix-server/Makefile	2011-10-14 20:26:34.000000000 -0500
 +++ /root/zabbix-server/Makefile	2011-12-29 07:17:52.580751271 -0600
 @@ -6,7 +6,7 @@
  #
  
  PORTNAME=	zabbix
 -PORTVERSION=	1.8.8
 +PORTVERSION=	1.8.10
  PORTEPOCH=	2
  CATEGORIES=	net-mgmt
  MASTER_SITES=	SF/zabbix/ZABBIX%20Latest%20Stable/${PORTVERSION}
 @@ -48,8 +48,6 @@
  CONFIGURE_ARGS+=	--enable-${ZABBIX_BUILD}
  
  .if ${ZABBIX_BUILD} != "agent"
 -CPPFLAGS+=	-I${LOCALBASE}/include
 -CONFIGURE_ENV+=	LDFLAGS="-L${LOCALBASE}/lib"
  LIB_DEPENDS=	netsnmp:${PORTSDIR}/net-mgmt/net-snmp \
  		execinfo:${PORTSDIR}/devel/libexecinfo
  
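Review bot: The removal of `CPPFLAGS+= -I${LOCALBASE}/include` and `CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib"` inside the `.if ${ZABBIX_BUILD} != "agent"` block is unexplained; the description says only "Update to 1.8.10". The LIB_DEPENDS on net-snmp and libexecinfo remain directly below, so please state why configure no longer needs the LOCALBASE search paths and confirm that a non-agent build still finds those headers and libraries.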
 diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/distinfo /root/zabbix-server/distinfo
 --- /usr/ports/net-mgmt/zabbix-server/distinfo	2011-10-14 20:26:34.000000000 -0500
 +++ /root/zabbix-server/distinfo	2011-12-29 07:16:16.306217215 -0600
 @@ -1,2 +1,2 @@
 -SHA256 (zabbix-1.8.8.tar.gz) = 25eded2536213cf1c75631f2becf46349b915dd8782698f5b2936f5abb7eeb99
 -SIZE (zabbix-1.8.8.tar.gz) = 4213181
 +SHA256 (zabbix-1.8.10.tar.gz) = d965d23f2ce8c7ddee7a1532863a208fae28958e3fc0871e0229ffa06f88a54b
 +SIZE (zabbix-1.8.10.tar.gz) = 4217417
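Review bot: The new SHA256 and SIZE values for zabbix-1.8.10.tar.gz arrive only in this mailed patch, and these two lines are what the fetched tarball from the SF MASTER_SITES entry gets checked against. Before commit, fetch the distfile independently, regenerate distinfo with `make makesum`, and confirm both values match the ones submitted here.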
 diff -ruN --exclude=CVS /usr/ports/net-mgmt/zabbix-server/pkg-plist.frontend /root/zabbix-server/pkg-plist.frontend
 --- /usr/ports/net-mgmt/zabbix-server/pkg-plist.frontend	2011-10-14 20:26:34.000000000 -0500
 +++ /root/zabbix-server/pkg-plist.frontend	2011-12-29 07:26:44.520198505 -0600
 @@ -25,6 +25,7 @@
  %%WWWDIR%%/api/classes/class.cmediatype.php
  %%WWWDIR%%/api/classes/class.cproxy.php
  %%WWWDIR%%/api/classes/class.cscreen.php
 +%%WWWDIR%%/api/classes/class.cscreenitem.php
  %%WWWDIR%%/api/classes/class.cscript.php
  %%WWWDIR%%/api/classes/class.ctemplate.php
  %%WWWDIR%%/api/classes/class.ctrigger.php
 @@ -427,8 +428,6 @@
  %%WWWDIR%%/styles/div.css
  %%WWWDIR%%/styles/form.css
  %%WWWDIR%%/styles/ie.css
 -%%WWWDIR%%/styles/ie_css_bb.css
 -%%WWWDIR%%/styles/ie_css_ob.css
  %%WWWDIR%%/styles/ie_css_od.css
  %%WWWDIR%%/styles/link.css
  %%WWWDIR%%/styles/p.css
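Review bot: Nothing in the submission says how the pkg-plist.frontend changes were derived; across both hunks they amount to one added entry (class.cscreenitem.php) and two removed ones (ie_css_bb.css and ie_css_ob.css). Please confirm the plist was checked against the files a 1.8.10 frontend install actually places under %%WWWDIR%%, so that no new file is left unregistered and no removed file is still listed.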
 --- zabbix-server-1.8.10,2.patch ends here ---
 
Responsible-Changed-From-To: freebsd-ports-bugs->crees 
Responsible-Changed-By: crees 
Responsible-Changed-When: Thu Dec 29 13:54:49 UTC 2011 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163691 
State-Changed-From-To: feedback->closed 
State-Changed-By: crees 
State-Changed-When: Fri Dec 30 19:33:43 UTC 2011 
State-Changed-Why:  
Update committed.  Pavel, thanks for the heads-up, and Jim, thanks for 
the seriously fast update! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163691 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163691: commit references a PR
Date: Fri, 30 Dec 2011 19:33:20 +0000 (UTC)

 crees       2011-12-30 19:33:10 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net-mgmt/zabbix-frontend Makefile 
     net-mgmt/zabbix-server Makefile distinfo pkg-plist.frontend 
   Log:
   - Update to 1.8.10,2
   - Deforbid zabbix-frontend
   
   PR:             ports/163691
   Submitted by:   Jim Riggs <ports@christianserving.org> (maintainer)
   
   Revision  Changes    Path
   1.6       +0 -2      ports/net-mgmt/zabbix-frontend/Makefile
   1.16      +1 -3      ports/net-mgmt/zabbix-server/Makefile
   1.8       +2 -2      ports/net-mgmt/zabbix-server/distinfo
   1.7       +2 -3      ports/net-mgmt/zabbix-server/pkg-plist.frontend
 
>Unformatted:
