[Git][security-tracker-team/security-tracker][master] Reserve DLA-3390-1 for zabbix
Tobias Frost (@tobi)
tobi at debian.org
Wed Apr 12 14:29:33 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
312f67b1 by Tobias Frost at 2023-04-12T15:29:16+02:00
Reserve DLA-3390-1 for zabbix
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -156301,7 +156301,6 @@ CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 bef
NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
- zabbix 1:5.0.8+dfsg-1
- [buster] - zabbix <no-dsa> (Minor issue)
[stretch] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-18942
NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0)
@@ -215440,7 +215439,6 @@ CVE-2020-15804
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
{DLA-2631-1 DLA-2311-1}
- zabbix 1:5.0.2+dfsg-1 (bug #966146)
- [buster] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18057
CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
NOTE: Bluetooth protocol issue
@@ -270422,7 +270420,6 @@ CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a div
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
{DLA-2631-1}
- zabbix 1:5.0.7+dfsg-1 (bug #935027)
- [buster] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <postponed> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-16532
NOTE: https://support.zabbix.com/browse/ZBX-5842
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Apr 2023] DLA-3390-1 zabbix - security update
+ {CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917 CVE-2022-24919 CVE-2022-35229 CVE-2022-35230}
+ [buster] - zabbix 1:4.0.4+dfsg-1+deb10u1
[10 Apr 2023] DLA-3389-1 lldpd - security update
{CVE-2020-27827 CVE-2021-43612}
[buster] - lldpd 1.0.3-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -300,9 +300,3 @@ wordpress (guilhem)
NOTE: 20230302: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/wordpress.html
NOTE: 20230302: buster is 6 CVEs behind bullseye (Beuc/front-desk)
--
-zabbix (tobi)
- NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
- NOTE: 20221209: Programming language: C.
- NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/zabbix.html
- NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/zabbix.git
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/312f67b135383634ccce5c06b62c365d5d579dca
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/312f67b135383634ccce5c06b62c365d5d579dca
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/5c69270b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list