[Git][security-tracker-team/security-tracker][master] 3 commits: add patch link for zabbix/CVE-2025-49643
Daniel Leidert (@dleidert)
dleidert at debian.org
Sat Dec 6 04:13:13 GMT 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ff4ad8a by Daniel Leidert at 2025-12-06T04:50:16+01:00
add patch link for zabbix/CVE-2025-49643
- - - - -
b2bf9272 by Daniel Leidert at 2025-12-06T04:59:10+01:00
lts: zabbix/CVE-2025-27238 not affecting Bookworm or Bullseye
- - - - -
67523000 by Daniel Leidert at 2025-12-06T05:12:09+01:00
lts: zabbix/CVE-2025-27240 not affecting Bookworm or Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1629,6 +1629,9 @@ CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, which
CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to cause dispro ...)
- zabbix <unfixed> (bug #1121841)
NOTE: https://support.zabbix.com/browse/ZBX-27284
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/b4757c1eaa571abbf0aa6fa2fe2e77ccf4c205f8 (7.0.19rc1)
+ NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/aeada86d3c8231e1e173c6a7ac19ea60bf899b86 (6.0.42rc1)
+ NOTE: Fixed in: 6.0.42, 7.0.19, 7.2.13, 7.4.3
CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by local us ...)
- zabbix <not-affected> (Only affects Agent builds for AIX)
NOTE: https://support.zabbix.com/browse/ZBX-27283
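Review bot: The added summary line under CVE-2025-49643 reads "NOTE: Fixed in: 6.0.42, 7.0.19, 7.2.13, 7.4.3", with a colon after "in", while the existing summary lines further down in this file are written "NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4" without one. Drop the colon so the notes stay uniform for anyone searching the list. The same line names 7.2.13 and 7.4.3 as fixed releases, but the two "Fixed by:" links only cover 7.0.19rc1 and 6.0.42rc1; if separate commits exist for the 7.2 and 7.4 branches, linking them would let a backporter confirm the fix per branch.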
@@ -28386,15 +28389,21 @@ CVE-2025-43787 (A Stored cross-site scripting vulnerability in the Liferay Porta
NOT-FOR-US: Liferay
CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autoremoval ...)
- zabbix 1:7.0.5+dfsg-1
+ [bookworm] - zabbix <not-affected> (Vulnerable code not present)
+ [bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Internal issue DEV-3902
+ NOTE: Introduced in: https://github.com/zabbix/zabbix/commit/07cb267413c6fb0bea1cd087856c29c4788d820f (6.0.22rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f0718 (6.0.34rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/53562f832665e15033062fb489cdaf18356d9eb1 (7.0.4rc1)
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
- zabbix <unfixed> (bug #1117448)
+ [bookworm] - zabbix <not-affected> (Vulnerable code not present)
+ [bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26988
NOTE: Internal issue DEV-4292
+ NOTE: Introduced by: https://github.com/zabbix/zabbix/commit/d4a2ba44e484a2ef0471ae5f839f94aa7357c3b0 (7.0.0beta1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/2d607ccd0d099757e48bbb9d3abb7571268ed87e (7.0.14rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/de83eeea59ca18e5a435a517570f8e6925f124ec (7.2.8rc1)
NOTE: Fixed in 7.0.14, 7.2.8
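Review bot: The two origin notes added in this hunk use different wording, "NOTE: Introduced in:" under CVE-2025-27240 and "NOTE: Introduced by:" under CVE-2025-27238, although both point at a single commit. Pick one form; "Introduced by:" parallels the "Fixed by:" lines beside it. The new "[bookworm]" and "[bullseye]" lines marked "<not-affected> (Vulnerable code not present)" depend on those suites carrying a version older than 6.0.22rc1 and 7.0.0beta1 respectively, and neither the notes nor the commit messages record which packaged versions were checked. Naming that version in the parenthetical would make the triage verifiable from the entry alone.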
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b8929e12aac263f622308fc3746f5ed202e60f5b...67523000c6aa35918d9196ce6efbaba2425a4aa7