[Git][security-tracker-team/security-tracker][master] Triaged CVE-2024-42332/zabbix

Sun Dec 1 18:35:35 GMT 2024


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e6764db by Tobias Frost at 2024-12-01T19:31:52+01:00
Triaged CVE-2024-42332/zabbix

Upstream ticket ZBX-25628 -> DEV-3942 leads to the patches.

The patch for 7.0.x appears first in 7.0.5rc1, thus the fixed version in
Debian is 1:7.0.5+dfsg-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -471,8 +471,10 @@ CVE-2024-42333 (The researcher is showing that it is possible to leak a small am
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25629
 CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log is par ...)
-	- zabbix <unfixed> (bug #1088689)
+	- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25628
+	NOTE: fixed in 6.0.35rc1 by https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.x)
+	NOTE: fixed in 7.0.5rc1 by https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.x)
 CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25627



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6764dbbd0dd43d8ad10fdcca2ceb83109d8a72

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6764dbbd0dd43d8ad10fdcca2ceb83109d8a72
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241201/a8c6c0be/attachment.htm>
