[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-36463/zabbix

Tobias Frost (@tobi) tobi at debian.org
Sun Dec 1 17:20:04 GMT 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba748b96 by Tobias Frost at 2024-12-01T18:19:10+01:00
Triaging  CVE-2024-36463/zabbix

Upstream ticket ZBX-25611 says this is a duplicate of DEV-3798.
The patches are this DEV-ticket.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -708,7 +708,12 @@ CVE-2024-38830 (VMware Aria Operations contains a local privilege escalation vul
 	NOT-FOR-US: VMware
 CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a string wi ...)
 	- zabbix 1:7.0.3+dfsg-1
+	[bullseye] - zabbix 1:5.0.44+dfsg-1+deb11u1
 	NOTE: https://support.zabbix.com/browse/ZBX-25611
+	NOTE: fixed for 6.0.x in 6.0.33rc1
+	NOTE: fixed by: https://github.com/zabbix/zabbix/commit/a4117b60b61285cb1bb5000ba77127207758a675 (6.0.x)
+	NOTE: fixed for 5.0.x in 5.0.43rc1
+	NOTE: fixed by: https://github.com/zabbix/zabbix/commit/df7736664caf49b4a58d75b4410cff587be615f0 (5.0.x)
 CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat  ...)
 	NOT-FOR-US: Lobe Chat
 CVE-2024-22117 (When a URL is added to the map element, it is recorded in the database ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba748b96d6357f694108d5f2bd076147f80f414d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba748b96d6357f694108d5f2bd076147f80f414d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/0d65eb29/attachment.htm>


More information about the debian-security-tracker-commits mailing list