[Git][security-tracker-team/security-tracker][master] CVE-2023-29449/zabbix does not affect buster.
Tobias Frost (@tobi)
tobi at debian.org
Fri Aug 11 08:35:56 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df2eb1ce by Tobias Frost at 2023-08-11T09:35:28+02:00
CVE-2023-29449/zabbix does not affect buster.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16738,7 +16738,11 @@ CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain ac
NOTE: https://support.zabbix.com/browse/ZBX-22588
CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
- zabbix <unfixed>
+ [buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-22589
+ NOTE: Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
+ NOTE: applied in upstream release/5.0 branch: https://github.com/zabbix/zabbix/commit/c21cf2fa656b75733e3abc09d8f20690735b3f22
+ NOTE: vulnerable module introduced in https://github.com/zabbix/zabbix/commit/18d2abfc40 (5.0.0alpha1)
CVE-2023-29448
RESERVED
CVE-2023-29447
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df2eb1ce7c1a337f6b1fb91ff5706afac8865501
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df2eb1ce7c1a337f6b1fb91ff5706afac8865501
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230811/c4861666/attachment.htm>
More information about the debian-security-tracker-commits
mailing list