ZoneMinder Forums

By the way, CVE-2013-0232 was assigned for this issue: https://access.redhat.com/security/cve/CVE-2013-0232

The Fedora security team passed the following URL on to me, which describes an arbitrary command execution vulnerability. Unfortunately this is in the PHP portion of ZM and PHP is not a language I'm particularly good at, so I don't feel up to having a go at fixing it. I haven't been able to find any...

Or, maybe, I could try reading the code. It looks like all of this openssl/gnutls stuff is used for exactly one thing: the MD5 function, for hashing passwords. Is that really the case? If so, I suspect I'll just rip it all out and insert one of the public domain implementations, or call libmd.

It embarrasses and dismays me to make this request, but circumstances force me to at least try. I am the maintainer of zoneminder in Fedora. Fedora (or specifically, a couple of people involved with it) have decided to stop shipping libgnutls-openssl, which provides enough openssl compatibility for ...

If you want to rebuild the package, just don't apply patch 3. I think that's the only thing we change to disable ffmpeg.

Just to follow up, 1.24.3 does indeed fail to compile on 2.6.38. Looking at zm_local_camera.h an .cpp I see that at least some of the code can handle HAVE_LINUX_VIDEODEV_H being undefined, so I patched configure.ac to warn instead of abort when videodev.h is not found but there is plenty of stuff th...

So, it looks like v4l1 is officially gone in 2.6.38 and hence 1.24.2 doesn't build. I haven't tried digging through SVN to see if anything's happened there, but searching only turned up some v4l2 work from 2007 that doesn't appear to have gone anywhere. Is there a plan for making this work with mode...

Bah, turns out this was a caching issue. Shift-reload hadn't helped, but dumping the entire firefox cache got things working.

I'm trying to push 1.24.2 packages to Fedora but while testing the new version I found that the VCR controls on the event view seem to have stopped working. The progress bar is not present (though it doesn't really seem to work in 1.24.1 either), the text above where the progress bar would be always...

The stuff we package is at http://cvs.fedoraproject.org/viewvc/rpms/zoneminder/; the file in question (for F11) is http://cvs.fedoraproject.org/viewvc/rpms/zoneminder/F-11/README.Fedora?revision=1.2&view=markup I'm sure I'll be in there messing with this soon as it looks like an update is coming...

Hmm, well the file does say that in order to upgrade, you need to run zmupdate.pl. I'm certainly open to suggestions if you think we could word that better. Upgrades ======== 1. You will need to upgrade the ZoneMinder database as described in the manual. This command should be sufficient: zmupdate.p...

If there's anything that we (the folks who package Zoneminder for Fedora) missed from the README.Fedora file included in the Fedora packages which would have helped you get up and going faster, please let us know. I suspect that after doing an install myself today, I'll be updating it with info abou...

I'm dismayed that there's no response to this. I note that four CVEs have been assigned to these issues: CVE-2008-3880: SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. CVE...

I searched around this forum but I haven't seen any mention of the security issues disclosed on bugtraq yesterday: http://marc.info/?l=bugtraq&m=121976722628485&w=4 I happen to not agree with the "critical" severity as I believe the issues are only exploitable by authenticated user...