CVE 2017-2824 patch not yet applied?

Bug #1712993 reported by Vladislav Naumov on 2017-08-25
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zabbix (Debian)
Fix Released
Unknown
zabbix (Ubuntu)
Undecided
Unassigned

Bug Description

I see patch was applied to Debian almost 2 months ago:
https://security-tracker.debian.org/tracker/CVE-2017-2824

but still not in Ubuntu for some reason:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2824.html

CVE References

Vladislav Naumov (vnaum) on 2017-08-25
information type: Private Security → Public Security
Steve Beattie (sbeattie) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in zabbix (Ubuntu):
status: New → Incomplete
Changed in zabbix (Debian):
status: Unknown → Incomplete
Hans Joachim Desserud (hjd) wrote :

Thanks for taking your time to report this issue and make Ubuntu better.

I added a link to CVE using the button on the right. I also took a look at the Debian bug report, and it looks like this should be fixed in the version synced in Ubuntu Artful. It is, presumably, of course still affecting older releases.

Changed in zabbix (Debian):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.