[Git][security-tracker-team/security-tracker][master] Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch.

Ola Lundqvist (@opal) opal at debian.org
Sun Sep 11 23:01:58 BST 2022



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
553b006f by Ola Lundqvist at 2022-09-12T00:01:36+02:00
Added zabbix to dla-needed with the motivation that some CVE was fixed in stretch.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -48870,6 +48870,7 @@ CVE-2022-23134 (After the initial setup process, some steps of setup.php file ar
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
 CVE-2022-23133 (An authenticated user can create a hosts group from the configuration  ...)
 	- zabbix 1:6.0.7+dfsg-2
+	[buster] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
 	[stretch] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
 	NOTE: https://support.zabbix.com/browse/ZBX-20388
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)


=====================================
data/dla-needed.txt
=====================================
@@ -185,6 +185,9 @@ wordpress
   NOTE: 20220911: Programming language: PHP
   NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 update that applies to buster.
 --
+zabbix
+  NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
+--
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/553b006f1afb594c01aecb8ce64cc1807e7b7338

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/553b006f1afb594c01aecb8ce64cc1807e7b7338
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220911/d1b01766/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list