[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-42330/zabbix

Tobias Frost (@tobi) tobi at debian.org
Sun Dec 1 18:21:52 GMT 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a1685b1 by Tobias Frost at 2024-12-01T19:19:17+01:00
Triaging CVE-2024-42330/zabbix

upstream ticket ZBX-25626 references DEV-3940, leading to the patches.

This means that unstable has been fixed already with 1:7.0.5+dfsg-1.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -477,8 +477,10 @@ CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor met
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25627
 CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...)
-	- zabbix <unfixed> (bug #1088689)
+	- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25626
+	NOTE: fixed in 6.0.34rc1 by https://github.com/zabbix/zabbix/commit/6dfc7a30e8e3ecd984cb64da6430f4c1fc61ec2d (6.0.x)
+	NOTE: fixed in 7.0.4rc1 by https://github.com/zabbix/zabbix/commit/e82c5941242edc9f4a96e101caaf27e106f73f47 (7.0.x)
 CVE-2024-42329 (The webdriver for the Browser object expects an error object to be ini ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25625



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a1685b10a9609e54c7b709e503f5ccdf3529e35

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a1685b10a9609e54c7b709e503f5ccdf3529e35
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/c5ccd486/attachment.htm>


More information about the debian-security-tracker-commits mailing list