[Git][security-tracker-team/security-tracker][master] CVE-2022-23133/zabbix: stretch not-affected

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b954ce84 by Sylvain Beucler at 2022-02-04T14:45:50+01:00
CVE-2022-23133/zabbix: stretch not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4501,8 +4501,10 @@ CVE-2022-23134 (After the initial setup process, some steps of setup.php file ar
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
 CVE-2022-23133 (An authenticated user can create a hosts group from the configuration  ...)
 	- zabbix <unfixed>
+	[stretch] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
 	NOTE: https://support.zabbix.com/browse/ZBX-20388
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)
+	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3)
 CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
 	- zabbix <unfixed>
 	[stretch] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b954ce84d07609fb033dec8ce720ebd00781147c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b954ce84d07609fb033dec8ce720ebd00781147c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220204/06b14f3c/attachment.htm>