[Git][security-tracker-team/security-tracker][master] CVE-2024-36469/zabbix pinpoint fixing commits
Tobias Frost (@tobi)
tobi at debian.org
Fri Apr 18 16:43:00 BST 2025
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddf8de05 by Tobias Frost at 2025-04-18T17:42:11+02:00
CVE-2024-36469/zabbix pinpoint fixing commits
(internal upstream ticket DEV-3009)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6135,6 +6135,9 @@ CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot Oper
CVE-2024-36469 (Execution time for an unsuccessful login differs when using a non-exis ...)
- zabbix 1:7.0.9+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-2625
+ NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/5193aba71cd6db8f0d7e53f88eb6e6e5b7c88102 (7.0.9rc1)
+ NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/4735c3bac34036fd70c57b5f057da0e27c9cb2b4 (6.0.38rc1)
+ NOTE: Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/6c5186ae53db12dcd0426ef85c147d4a83a9cca4 (5.0.46rc1)
CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use SQL inje ...)
- zabbix 1:7.0.9+dfsg-1
[bookworm] - zabbix <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddf8de0596b41cf915893cb9fd15012611aa92ad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddf8de0596b41cf915893cb9fd15012611aa92ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250418/128f636b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list