[Git][security-tracker-team/security-tracker][master] CVE-2024-22120/zabbix identified patch

Sun Sep 29 17:44:41 BST 2024


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
226f20c9 by Tobias Frost at 2024-09-29T18:42:50+02:00
CVE-2024-22120/zabbix identified patch

Upstream ticket ZBX-24505 -> Changelog entry text matched to git log finds
upstream dev ticket DEV-3121, finds the commits.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35210,6 +35210,8 @@ CVE-2024-22120 (Zabbix server can perform command execution for configured scrip
 	- zabbix 1:6.0.29+dfsg-1 (bug #1072120)
 	[buster] - zabbix <not-affected> (Vulnerable code introduced later)
 	NOTE: https://support.zabbix.com/browse/ZBX-24505
+	NOTE: fixed by https://github.com/zabbix/zabbix/commit/9013ff74985e40aee6b58e2ed67675b87cab0879 (7.0.0beta2)
+	NOTE: fixed by https://github.com/zabbix/zabbix/commit/c8ac414ff44127c3e8781eb029f519c060f623fa (6.0.28rc1)
 CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5597 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226f20c9b353230533123a0effe63bb2ccf2c6b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/226f20c9b353230533123a0effe63bb2ccf2c6b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240929/994b2a1d/attachment-0001.htm>
