[Git][security-tracker-team/security-tracker][master] Track fixes for zabbix via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 25 11:00:46 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70156aad by Salvatore Bonaccorso at 2023-11-25T11:59:58+01:00
Track fixes for zabbix via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7173,25 +7173,25 @@ CVE-2023-40829 (There is an interface unauthorized access vulnerability in the b
 CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...)
 	NOT-FOR-US: Android
 CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to  ...)
-	- zabbix <unfixed> (bug #1053877)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-23391
 	NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0)
 	NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0)
 CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
-	- zabbix <unfixed> (bug #1053877)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-23230
 	NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
 CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow  ...)
-	- zabbix <unfixed> (bug #1053877)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-23390
 CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps  ...)
-	- zabbix <unfixed> (bug #1053877)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-23389
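Review bot: CVE-2023-32724 carries only a [buster] line, while the other three CVEs in this hunk that share bug #1053877 each have explicit [bookworm] and [bullseye] <no-dsa> entries. With unstable now recorded as fixed in 1:6.0.23+dfsg-1, bookworm and bullseye are left untriaged for this CVE. Suggest adding suite lines for both (<no-dsa>, <not-affected> or similar) so the status in stable and oldstable is a recorded decision and not a default.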
@@ -33261,7 +33261,7 @@ CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell
 CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the  ...)
 	NOT-FOR-US: laola.redbull
 CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on  ...)
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
@@ -33270,33 +33270,33 @@ CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a foc
 	NOTE: duktape library introduced with https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2 (5.0.0alpha1)
 CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off  ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22988
 CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22987
 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22986
 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string  ...)
-	- zabbix <unfixed> (unimportant)
+	- zabbix 1:6.0.23+dfsg-1 (unimportant)
 	NOTE: Zabbix in Debian uses Debian Go package
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <not-affected> (vulnerable code introduced later)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
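Review bot: the CVE-2023-29453 entry now gives 1:6.0.23+dfsg-1 as the fixed version, but its only NOTE says "Zabbix in Debian uses Debian Go package", which points at the Go package and not at a change in the zabbix source. Suggest adding a NOTE stating why this zabbix upload is taken as the fix point. If no such justification exists, the version on an (unimportant) entry conveys more certainty than the visible data supports.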
@@ -33305,20 +33305,20 @@ CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Ge
 	NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)
 CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <not-affected> (5.x not affected)
 	NOTE: https://support.zabbix.com/browse/ZBX-22587
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
 	{DLA-3538-1}
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22588
 	NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
 	NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb
 CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
-	- zabbix <unfixed> (bug #1055175)
+	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	[buster] - zabbix <not-affected> (vulnerable code introduced later)
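Review bot: for CVE-2023-29450 the NOTE lines place the upstream patch at 6.0.14rc2, yet the fixed version recorded is 1:6.0.23+dfsg-1. That is correct only if no upload to unstable between 6.0.14 and 6.0.23 already contained the patch. Worth confirming against the package changelog, since a fixed version that is later than the real one overstates the affected range. The same check applies to the other entries in this hunk, which all receive the same version without a per-CVE fix reference in the visible lines.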



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70156aadf8a020414438ab90f87497c62d1151f9
