[Git][security-tracker-team/security-tracker][master] CVE-2024-42329/zabbix not affecting bullseye

Tobias Frost (@tobi) tobi at debian.org
Fri Dec 6 18:10:50 GMT 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fba4e80 by Tobias Frost at 2024-12-06T19:10:21+01:00
CVE-2024-42329/zabbix not affecting bullseye

vulnerable feature, webdriver, is a new feature of Zabbix 7.0

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1723,8 +1723,10 @@ CVE-2024-42330 (The HttpRequest object allows to get the HTTP headers from the s
 	NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6dfc7a30e8e3ecd984cb64da6430f4c1fc61ec2d (6.0.34rc1)
 CVE-2024-42329 (The webdriver for the Browser object expects an error object to be ini ...)
 	- zabbix 1:7.0.5+dfsg-1 (bug #1088689)
+	[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-25625
 	NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/65c4acee83191158522bc75552912fdce2cac9da (7.0.4rc1)
+	NOTE: webdriver.c introduced with vesion 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
 CVE-2024-42328 (When the webdriver for the Browser object downloads data from a HTTP s ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25624



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fba4e804a866435d123d0a872683186fde1c7e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fba4e804a866435d123d0a872683186fde1c7e7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241206/833f101f/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list