[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-423277/zabbix
Tobias Frost (@tobi)
tobi at debian.org
Sun Dec 1 17:55:04 GMT 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e29946b2 by Tobias Frost at 2024-12-01T18:53:44+01:00
Triaging CVE-2024-423277/zabbix
Upstream ticket ZBX-25623 refers to DEV-3776 ("fixed SQL injection in
user.get API")
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -488,6 +488,7 @@ CVE-2024-42328 (When the webdriver for the Browser object downloads data from a
CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User ...)
- zabbix <unfixed> (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25623
+ NOTE: fixed in 6.0.32rc1 by https://github.com/zabbix/zabbix/commit/39ff97dbf6f229a1b9c4f38db061aa73dd680828 (6.0.x)
CVE-2024-42326 (There was discovered a use after free bug in browser.c in the es_brows ...)
- zabbix <unfixed> (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25622
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e29946b229251ddcea67d9118ab0bf995efe903c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e29946b229251ddcea67d9118ab0bf995efe903c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/3ccc5d1e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list