[Git][security-tracker-team/security-tracker][master] CVE-2023-32723/zabbix, identified upstream fix.
Tobias Frost (@tobi)
tobi at debian.org
Sun Oct 22 08:53:15 BST 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7661cd41 by Tobias Frost at 2023-10-22T09:52:56+02:00
CVE-2023-32723/zabbix, identified upstream fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1525,6 +1525,7 @@ CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This lea
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
- zabbix <unfixed> (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23230
+ NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...)
- zabbix <unfixed> (bug #1053877)
[buster] - zabbix <not-affected> (vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7661cd41edc8758ba26754e32d6c3a2da902ace4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7661cd41edc8758ba26754e32d6c3a2da902ace4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231022/b39c032f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list