[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-36466/zabbix

Tobias Frost (@tobi) tobi at debian.org
Sun Dec 1 17:51:08 GMT 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b07a99be by Tobias Frost at 2024-12-01T18:49:41+01:00
Triaging CVE-2024-36466/zabbix

Upstream patch, identified by DEV-ticket DEV-3225 mentioned in ZBX-25635.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -385,6 +385,8 @@ CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities i
 CVE-2024-36466 (A bug in the code allows an attacker to sign a forged zbx_session cook ...)
 	- zabbix 1:7.0.1+dfsg-1
 	NOTE: https://support.zabbix.com/browse/ZBX-25635
+	NOTE: fixed for 6.0.x in 6.0.32rc1
+	NOTE: fixed by: https://github.com/zabbix/zabbix/commit/48e7615d1e1e3a5f543505cc6cb0a5564a655b58 (6.0.x)
 CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overfl ...)
 	NOT-FOR-US: Fuji
 CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable to privi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b07a99bef6f2343dcb7eed89cba5897d47a5e0d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b07a99bef6f2343dcb7eed89cba5897d47a5e0d0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/c4da313a/attachment.htm>


More information about the debian-security-tracker-commits mailing list