[Git][security-tracker-team/security-tracker][master] Record upstream tags for some CVE fixes

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 15 18:13:52 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8190748 by Salvatore Bonaccorso at 2024-12-15T19:13:37+01:00
Record upstream tags for some CVE fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33508,23 +33508,23 @@ CVE-2024-36462 (Uncontrolled resource consumption refers to a software vulnerabi
 	[bookworm] - zabbix <not-affected> (feature not present)
 	[bullseye] - zabbix <not-affected> (feature not present)
 	NOTE: https://support.zabbix.com/browse/ZBX-25019
-	NOTE: fix: https://github.com/zabbix/zabbix/commit/36663df8e81f073b049fba2c595a4bb7c6adea68 (7.0.x)
+	NOTE: fix: https://github.com/zabbix/zabbix/commit/36663df8e81f073b049fba2c595a4bb7c6adea68 (7.0.1rc1)
 	NOTE: WebDriver (Browser monitoring) feature introduced in https://github.com/zabbix/zabbix/commit/036f3e14be3, first seen in 7.0.0rc1
 CVE-2024-36461 (Within Zabbix, users have the ability to directly modify memory pointe ...)
 	{DLA-3909-1}
 	- zabbix 1:7.0.1+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25018
-	NOTE: fix: https://github.com/zabbix/zabbix/commit/9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (7.0.x)
-	NOTE: fix: https://github.com/zabbix/zabbix/commit/b370b845cc4683896e65a93fe81f1204ccf62ba5 (6.0.x)
+	NOTE: fix: https://github.com/zabbix/zabbix/commit/9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (7.0.1rc1)
+	NOTE: fix: https://github.com/zabbix/zabbix/commit/b370b845cc4683896e65a93fe81f1204ccf62ba5 (6.0.31rc1)
 CVE-2024-36460 (The front-end audit log allows viewing of unprotected plaintext passwo ...)
 	{DLA-3909-1}
 	- zabbix 1:7.0.1+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25017
-	NOTE: https://github.com/zabbix/zabbix/commit/37028d9ca96ceb39a13ae32f76e6aaa662bc80ea (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/b5361b6481fb2d4dd1e8d87f214bf8ed07c1d247 (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/b51426d55471dba96b82fb68ce1482692449267b (6.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/171c79ba50b74b238a8e3ac18bd95178f95f656b (6.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/6098bfe16bd4d6616577795b8b2b99597b4fde30 (5.0.x)
+	NOTE: https://github.com/zabbix/zabbix/commit/37028d9ca96ceb39a13ae32f76e6aaa662bc80ea (7.0.1rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/b5361b6481fb2d4dd1e8d87f214bf8ed07c1d247 (7.0.1rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/b51426d55471dba96b82fb68ce1482692449267b (6.0.31rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/171c79ba50b74b238a8e3ac18bd95178f95f656b (6.0.31rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/6098bfe16bd4d6616577795b8b2b99597b4fde30 (5.0.43rc1)
 CVE-2024-32765 (A vulnerability has been reported to affect Network & Virtual Switch.  ...)
 	NOT-FOR-US: QNAP
 CVE-2024-22123 (Setting SMS media allows to set GSM modem file. Later this file is use ...)
@@ -33538,9 +33538,9 @@ CVE-2024-22122 (Zabbix allows to configure SMS notifications. AT command injecti
 	{DLA-3909-1}
 	- zabbix 1:7.0.0+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25012
-	NOTE: https://github.com/zabbix/zabbix/commit/9923c7dea89e19318621788df07dc7572a2528be (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/2cd64d3522fe974f21487ce1606d65e10eea7bae (6.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/5a41f3036dd47d7c196dbfc97c9923eca6f51094 (5.0.x)
+	NOTE: https://github.com/zabbix/zabbix/commit/9923c7dea89e19318621788df07dc7572a2528be (7.0.0rc3)
+	NOTE: https://github.com/zabbix/zabbix/commit/2cd64d3522fe974f21487ce1606d65e10eea7bae (6.0.31rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/5a41f3036dd47d7c196dbfc97c9923eca6f51094 (5.0.43rc1)
 CVE-2024-22121 (A non-admin user can change or remove important features within the Za ...)
 	- zabbix <not-affected> (vulnerability in Windows installer)
 	NOTE: https://support.zabbix.com/browse/ZBX-25011
@@ -33548,18 +33548,18 @@ CVE-2024-22116 (An administrator with restricted permissions can exploit the scr
 	{DLA-3909-1}
 	- zabbix 1:7.0.0+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25016
-	NOTE: https://github.com/zabbix/zabbix/commit/afb3ab931d59af61e4f974634b85bcbed5a042b2 (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/679e18f172fc1f9a78b19789fbbc52246871ff19 (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/e6acaef1df1db44aaa9c1a0e1953a4da21425636 (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/182e1a9d96dcd82de337b31dc1cbbd6b4b619281 (6.4.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/a2dad304083387b8597ef1d67394f285b105f614 (6.4.x)
+	NOTE: https://github.com/zabbix/zabbix/commit/afb3ab931d59af61e4f974634b85bcbed5a042b2 (7.0.0rc3)
+	NOTE: https://github.com/zabbix/zabbix/commit/679e18f172fc1f9a78b19789fbbc52246871ff19 (7.0.1rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/e6acaef1df1db44aaa9c1a0e1953a4da21425636 (7.0.1rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/182e1a9d96dcd82de337b31dc1cbbd6b4b619281 (6.4.16rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/a2dad304083387b8597ef1d67394f285b105f614 (6.4.16rc1)
 CVE-2024-22114 (User with no permission to any of the Hosts can access and view host c ...)
 	{DLA-3909-1}
 	- zabbix 1:7.0.0+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25015
-	NOTE: https://github.com/zabbix/zabbix/commit/44687a7aa09787db0939cc8bc6ae3178638fc1cf (7.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/2c52375e51349a63af7d4620d83077f103dadf91 (6.0.x)
-	NOTE: https://github.com/zabbix/zabbix/commit/1a74fd3a8b9253e4e8e9e2989577dd0b3cc8b5f7 (5.0.x)
+	NOTE: https://github.com/zabbix/zabbix/commit/44687a7aa09787db0939cc8bc6ae3178638fc1cf (7.0.0rc3)
+	NOTE: https://github.com/zabbix/zabbix/commit/2c52375e51349a63af7d4620d83077f103dadf91 (6.0.31rc1)
+	NOTE: https://github.com/zabbix/zabbix/commit/1a74fd3a8b9253e4e8e9e2989577dd0b3cc8b5f7 (5.0.43rc1)
 CVE-2023-38018 (IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a passw ...)
 	NOT-FOR-US: IBM
 CVE-2023-31315 (Improper validation in a model specific register (MSR) could allow a m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d81907485fa2fd79d45f1b3899eba0ba5aa8857c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d81907485fa2fd79d45f1b3899eba0ba5aa8857c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241215/42d35279/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list