zabbix (1:4.0.4+dfsg-1+deb10u2) buster-security; urgency=medium

  This update addresses several security vulnerabilties:

  CVE-2013-7484 (Insecure storage of passwords)
    A stronger bcrypt cryptography is now used for hashing user passwords
    instead of MD5. The change to the stronger cryptography after the upgrade
    is automatic, i.e. no effort on the user side is required. Note that
    passwords longer than 72 characters will be truncated.

    Please note that zabbix does not update your sqlite3 databases, you
    will need to delete your database and start with a new one.

  CVE-2019-17382 (Disputed upstream as not a security issue)
    The guest user can access dashboards which might contain sensitive
    information. It is recommended to disable the guest user, if the user
    is not needed, by disabling the "Guest group" in the UI:
      Administration -> User groups -> Guests -> Untick Enabled

 -- Tobias Frost <tobi@debian.org>  Tue, 22 Aug 2023 11:57:54 +0200

zabbix (1:2.4.3+dfsg-1) experimental; urgency=low

  Services do not use config files in "/etc/default" any more. When first
  installed servers and proxy should be configured for automatic start
  using "systemd":

    sudo systemctl enable zabbix-{server|proxy}

  or SysV init system:

    sudo update-rc.d zabbix-{server|proxy} enable

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 05 Nov 2014 15:40:16 +1100