[Git][security-tracker-team/security-tracker][master] Try to consolidate style for some notes
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 18 19:19:38 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
348199d9 by Salvatore Bonaccorso at 2025-04-18T20:19:12+02:00
Try to consolidate style for some notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6122,13 +6122,13 @@ CVE-2025-0415 (A remote attacker with web administrator privileges can exploit t
CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled ...)
- zabbix 1:7.0.10+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-26253
- NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/c0757920b12922eaafca2abe7318446b5c5fefaa (7.0.10rc1)
- NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/f3d13f079d9e8764b407876f50fde2f06088ea0d (6.0.39rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c0757920b12922eaafca2abe7318446b5c5fefaa (7.0.10rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/f3d13f079d9e8764b407876f50fde2f06088ea0d (6.0.39rc1)
CVE-2024-45699 (The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross- ...)
- zabbix 1:7.0.9+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-26254
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/4c2cf43fade6ea6239f9cba32527a547461bdec9 (7.0.7rc1)
- NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/6b98ae293a088183b1c1ba0428664d76f98ef36c (6.0.37rc1)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/4c2cf43fade6ea6239f9cba32527a547461bdec9 (7.0.7rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6b98ae293a088183b1c1ba0428664d76f98ef36c (6.0.37rc1)
CVE-2024-42325 (Zabbix API user.get returns all users that share common group with the ...)
- zabbix 1:7.0.9+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-26258
@@ -6143,15 +6143,15 @@ CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot Oper
CVE-2024-36469 (Execution time for an unsuccessful login differs when using a non-exis ...)
- zabbix 1:7.0.9+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-2625
- NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/5193aba71cd6db8f0d7e53f88eb6e6e5b7c88102 (7.0.9rc1)
- NOTE: fixed by (merge commit) https://github.com/zabbix/zabbix/commit/4735c3bac34036fd70c57b5f057da0e27c9cb2b4 (6.0.38rc1)
- NOTE: Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/6c5186ae53db12dcd0426ef85c147d4a83a9cca4 (5.0.46rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/5193aba71cd6db8f0d7e53f88eb6e6e5b7c88102 (7.0.9rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/4735c3bac34036fd70c57b5f057da0e27c9cb2b4 (6.0.38rc1)
+ NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6c5186ae53db12dcd0426ef85c147d4a83a9cca4 (5.0.46rc1)
CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use SQL inje ...)
- zabbix 1:7.0.9+dfsg-1
[bookworm] - zabbix <not-affected> (Vulnerable code introduced later)
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-26257
- NOTE: Fixed by https://github.com/zabbix/zabbix/commit/529eec6957abff2f687c39219fa7a4a739d094c1 (7.0.8rc2)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/529eec6957abff2f687c39219fa7a4a739d094c1 (7.0.8rc2)
NOTE: "groupBy" feature introduced with https://github.com/zabbix/zabbix/commit/8a4e40ca6ff3b6be5c4144aaabf25cba315f5f4c (7.0.0alpha3)
CVE-2024-13941 (A vulnerability was found in ouch-org ouch up to 0.3.1. It has been cl ...)
NOT-FOR-US: ouch-org ouch
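Review bot: the issue reference on the ZBX-2625 line for CVE-2024-36469 looks truncated; every other Zabbix issue in these hunks is a five-digit ZBX-2625x key (ZBX-26253, ZBX-26254, ZBX-26257, ZBX-26258), so this one is probably missing its last digit and should be checked against support.zabbix.com before the style pass lands. While touching this entry, the lowercase "introduced with" on the "groupBy" line for CVE-2024-36465 is the same kind of inconsistency the commit is fixing ("Fixed by:" vs "fixed by") and could be normalised to "Introduced with:" in the same commit.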
@@ -45873,7 +45873,7 @@ CVE-2024-22117 (When a URL is added to the map element, it is recorded in the da
NOTE: https://support.zabbix.com/browse/ZBX-25610
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/bcf43da8eaaafc03e53845085f5b87d8c858ac81 (7.0.4rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/73d694022cd8e3468d1fdb1dc672e8d0eb9a2fc3 (6.0.34rc1)
- NOTE: fixed by: https://github.com/zabbix/zabbix/commit/c9810cd2dfe65922ec5e84f06c0b44d38262fbe5 (5.0.44rc1)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/c9810cd2dfe65922ec5e84f06c0b44d38262fbe5 (5.0.44rc1)
CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
- gitlab <unfixed>
CVE-2024-11743 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -79173,8 +79173,8 @@ CVE-2024-41110 (Moby is an open-source project created by Docker for software co
[bookworm] - docker.io 20.10.24+dfsg1-1+deb12u1
NOTE: https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
NOTE: https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
- NOTE: 20.10 branch: fixed by https://github.com/moby/moby/commit/88c4b7690840044ce15489699294ec7c5dadf5dd
- NOTE: follow-up: https://github.com/moby/moby/commit/7ff423cc1c991d8dc0a7b5d1d93e1cf3efaac169
+ NOTE: Fixed by https://github.com/moby/moby/commit/88c4b7690840044ce15489699294ec7c5dadf5dd (20.10 branch)
+ NOTE: Follow-up: https://github.com/moby/moby/commit/7ff423cc1c991d8dc0a7b5d1d93e1cf3efaac169
CVE-2024-40575 (An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7. ...)
NOT-FOR-US: Huawei Technologies opengauss
CVE-2024-40495 (A vulnerability was discovered in Linksys Router E2500 with firmware 2 ...)
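Review bot: the new "NOTE: Fixed by https://github.com/moby/moby/commit/88c4b76..." line drops the colon that the same commit adds everywhere else ("Fixed by: ..." in the Zabbix and httpd hunks), so this hunk introduces the inconsistency the commit message says it is removing; suggest "NOTE: Fixed by: https://github.com/moby/moby/commit/88c4b7690840044ce15489699294ec7c5dadf5dd (20.10 branch)" to match. Moving the "(20.10 branch)" qualifier into a trailing parenthesis is fine and matches the "(7.0.10rc1)" convention used for Zabbix.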
@@ -84930,7 +84930,7 @@ CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores so
NOTE: [regression] Fix was not fully merged in 2.4.61 and need another patch:
NOTE: https://github.com/apache/httpd/pull/475 (patch [3/4] from trunk)
NOTE: [regression] Tracked at: https://bugs.debian.org/1079206
- NOTE: Regression fixed by commit: https://github.com/apache/httpd/commit/5f82765bc640ddb6a13a681464856bf8f8a5cb10 (2.4.x)
+ NOTE: Regression fixed by: https://github.com/apache/httpd/commit/5f82765bc640ddb6a13a681464856bf8f8a5cb10 (2.4.x)
CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ...)
{DSA-5729-1}
- apache2 2.4.60-1
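Review bot: the context line "[regression] Fix was not fully merged in 2.4.61 and need another patch:" has a number-agreement error ("need" should be "needs"); since this commit is a style pass over these exact notes, it would be cheap to fix it here rather than leave it for a later round.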
@@ -84944,7 +84944,7 @@ CVE-2024-38477 (null pointer dereference in mod_proxy in Apache HTTP Server 2.4.
NOTE: Fixed by https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85 (2.4.60)
NOTE: (or https://svn.apache.org/viewvc?view=revision&revision=1918607)
NOTE: Regression identified by Ubuntu https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648
- NOTE: Regression fixed by https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38 (2.4.60)
+ NOTE: Regression fixed by: https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38 (2.4.60)
CVE-2024-38476 (Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul ...)
{DSA-5729-1}
- apache2 2.4.60-1
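Review bot: only the "Regression fixed by:" line gets the colon, while the "NOTE: Fixed by https://github.com/apache/httpd/commit/1d98d4db..." context line two lines above it is left without one, so after this change the two fix references in the same entry use different styles; suggest changing the context line to "NOTE: Fixed by: https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85 (2.4.60)" in the same hunk.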
@@ -99483,8 +99483,8 @@ CVE-2024-22120 (Zabbix server can perform command execution for configured scrip
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
[buster] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-24505
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/9013ff74985e40aee6b58e2ed67675b87cab0879 (7.0.0beta2)
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/c8ac414ff44127c3e8781eb029f519c060f623fa (6.0.28rc1)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/9013ff74985e40aee6b58e2ed67675b87cab0879 (7.0.0beta2)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/c8ac414ff44127c3e8781eb029f519c060f623fa (6.0.28rc1)
NOTE: introduced by https://github.com/zabbix/zabbix/commit/6c276d866d3f96689609d70c5893cfff8cac7cd6 (first seen in 6.0.0alpha1)
CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...)
NOT-FOR-US: WordPress plugin
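Review bot: the trailing context line "NOTE: introduced by https://github.com/zabbix/zabbix/commit/6c276d86... (first seen in 6.0.0alpha1)" keeps the lowercase verb and no colon while the two "Fixed by:" lines directly above it are normalised; for a consistent entry it should become "NOTE: Introduced by: ..." in the same pass.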
@@ -152183,8 +152183,8 @@ CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
{DLA-3717-1}
- zabbix 1:5.0.0+dfsg-1 (bug #1053877)
NOTE: https://support.zabbix.com/browse/ZBX-23230
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/5f73a8536a9c639ef1b30f6cca1eef0f968328ce (5.0.0alpha4)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/5f73a8536a9c639ef1b30f6cca1eef0f968328ce (5.0.0alpha4)
NOTE: affected version ranges:
NOTE: 4.0.0 - 4.0.19rc1; fixed in 4.0.20rc1
NOTE: 4.4.0 - 4.4.7rc1; fixed in 4.4.8rc1
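Review bot: the "(for 4.0.x)" qualifier on the first "Fixed by:" line does not follow the version-tag convention "(5.0.0alpha4)" used on the next line and elsewhere in this commit; since the entry already lists "fixed in 4.0.20rc1" under "affected version ranges", the qualifier could simply be "(4.0.20rc1)". The lowercase "NOTE: affected version ranges:" header is the same capitalisation inconsistency this commit is addressing.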
@@ -152195,8 +152195,8 @@ CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer ove
[bookworm] - zabbix <no-dsa> (Minor issue)
[buster] - zabbix <not-affected> (vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-23390
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/5310e1e011dbb81397a3ab0d6586d597ff7e5599 (7.0.0alpha4)
- NOTE: fixed by https://github.com/zabbix/zabbix/commit/93c04d6260bfa599014532986c421a3a1c93b60b (6.0.21rc1)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/5310e1e011dbb81397a3ab0d6586d597ff7e5599 (7.0.0alpha4)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/93c04d6260bfa599014532986c421a3a1c93b60b (6.0.21rc1)
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...)
{DLA-3909-1 DLA-3717-1}
- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
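Review bot: the "[buster] - zabbix <not-affected> (vulnerable code introduced later)" context line uses lowercase "vulnerable" whereas the same annotation for CVE-2024-36465 and CVE-2024-22120 in this diff reads "(Vulnerable code introduced later)"; if the goal is a consistent style across the file, this line is a candidate for the same commit.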
@@ -378004,7 +378004,7 @@ CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize fu
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1482
- NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: Fixed by fixes for related bugs, no specific commit identified upstream
NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
NOTE: https://github.com/gpac/gpac/commit/e4ed32bf56fc02fb8a04b9e13f4d7bdae2b3ae12 (v0.9.0-preview)
CVE-2020-23268
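Review bot: "Fixed by fixes for related bugs, no specific commit identified upstream" reads awkwardly after the capitalisation change, and a reader cannot tell whether the bare commit URL on the following line (e4ed32bf..., v0.9.0-preview) is one of those related fixes or something else; suggest "NOTE: Fixed as a side effect of fixes for related bugs; no specific commit identified upstream" and a prefix such as "NOTE: Related fix:" on the commit line.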
@@ -378014,7 +378014,7 @@ CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_proce
[buster] - gpac <end-of-life> (EOL in buster LTS)
[stretch] - gpac <end-of-life> (No longer supported in LTS)
NOTE: https://github.com/gpac/gpac/issues/1479
- NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: Fixed by fixes for related bugs, no specific commit identified upstream
NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
NOTE: https://github.com/gpac/gpac/commit/b286aa0cdc0cb781e96430c8777d38f066a2c9f9 (v0.9.0, v0.8.1)
CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...)
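Review bot: as in the previous gpac entry, the commit URL b286aa0c... (v0.9.0, v0.8.1) carries no "Fixed by:" or "Related fix:" prefix, so its relation to the CVE is ambiguous, and "poc tested with 1.0.1+dfsg1-4+deb11u1" does not say what the outcome of the test was (no crash?); a short qualifier on both lines would make the entry self-explanatory.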
@@ -409722,7 +409722,7 @@ CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, reg
- undertow 2.1.1-1 (bug #969913)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
- NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
+ NOTE: Most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
- wildfly <itp> (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
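Review bot: "Most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd6..." omits the colon that the "Fixed by:" lines elsewhere in this commit adopt; "NOTE: Most likely fixed by: ..." keeps the hedge and the style consistent. Given that the UNDERTOW-1708 link is marked "(not public)", this commit reference is the only verifiable pointer for the fix, so keeping its form aligned with the greppable "Fixed by:" pattern matters more here than usual.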
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/348199d960cb2ad16440fd6c5775fdc5606293a3