[Git][security-tracker-team/security-tracker][master] CVE-2024-36462/zabbix - add upstream patch reference

Tobias Frost (@tobi) tobi at debian.org
Sun Sep 15 14:23:22 BST 2024 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2cba6d0a by Tobias Frost at 2024-09-15T15:21:00+02:00
CVE-2024-36462/zabbix - add upstream patch reference

Problem Upstream Ticket: https://support.zabbix.com/browse/ZBX-25018 ->
Upstream Changelog Entry:
.......PS. [ZBX-25018] removed direct pointer access in custom javascript objects (wiper)
Git Log reveals this is upstream dev ticket DEV-3755, which has been
merged with commit 9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (first seen
in tag 7.0.1rc1) and b370b845cc4683896e65a93fe81f1204ccf62ba5 (first seen in tag 6.0.31rc1)

5.0.x seems to be affected too, but not fixed upstream.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8209,6 +8209,8 @@ CVE-2024-36462 (Uncontrolled resource consumption refers to a software vulnerabi
 CVE-2024-36461 (Within Zabbix, users have the ability to directly modify memory pointe ...)
 	- zabbix 1:7.0.1+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25018
+	NOTE: fix: https://github.com/zabbix/zabbix/commit/9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (7.0.x)
+	NOTE: fix: https://github.com/zabbix/zabbix/commit/b370b845cc4683896e65a93fe81f1204ccf62ba5 (6.0.x)
 CVE-2024-36460 (The front-end audit log allows viewing of unprotected plaintext passwo ...)
 	- zabbix 1:7.0.1+dfsg-1 (bug #1078553)
 	NOTE: https://support.zabbix.com/browse/ZBX-25017



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cba6d0af84e2404bb2e287718b66d29d7e075d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cba6d0af84e2404bb2e287718b66d29d7e075d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240915/1006c9b9/attachment.htm>

More information about the debian-security-tracker-commits mailing list