[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-42331/zabbix
Tobias Frost (@tobi)
tobi at debian.org
Mon Dec 2 17:45:52 GMT 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
533f3358 by Tobias Frost at 2024-12-02T18:44:05+01:00
Triaging CVE-2024-42331/zabbix
ZBX-25627 -> DEV-3941
Fixed upstream in 7.0.4rc1 (first Debian upload 1:7.0.5-1)
Commits:
Main (Merge-)Commit: https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20
Additional Commit: https://github.com/zabbix/zabbix/commit/72d2ce61872fcbace8f8dfdabc0568c99980989d (fixing a warning)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,8 +548,10 @@ CVE-2024-42332 (The researcher is showing that due to the way the SNMP trap log
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e2982fbe05fe0a232c3fd71f2a3426a0bf400f77 (7.0.5rc1)
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c539a227623343187d9907186bce7c9c3bc57a52 (6.0.35rc1)
CVE-2024-42331 (In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ...)
- - zabbix <unfixed> (bug #1088689)
+ - zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25627
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/e1bcc14d49a779587b6f31dddaf1ccbba4008d20
+ NOTE: and additionally https://github.com/zabbix/zabbix/commit/e731ed95fda7572ebae5eaffaa70f41e8f897e0d (7.0.4rc1)
CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the server' ...)
- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25626
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/533f3358f9abcc1939d73e4c6baa2d4bfd2e50e4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/533f3358f9abcc1939d73e4c6baa2d4bfd2e50e4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241202/92dcd177/attachment.htm>
More information about the debian-security-tracker-commits
mailing list