[Git][security-tracker-team/security-tracker][master] Partially revert "lts: zabbix/CVE-2025-27240 not affecting Bookworm or Bullseye"
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 6 09:42:46 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8db1c57b by Salvatore Bonaccorso at 2025-12-06T10:42:10+01:00
Partially revert "lts: zabbix/CVE-2025-27240 not affecting Bookworm or Bullseye"
This reverts commit 67523000c6aa35918d9196ce6efbaba2425a4aa7.
Upstream considers the issue affecting the whole 6.0.0 starting series,
so this needs more clarifications yet.
Keep the bullseye related tracking from the update.
Daniel, can you try to get an explicit confirmation from upstream?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28475,11 +28475,9 @@ CVE-2025-43787 (A Stored cross-site scripting vulnerability in the Liferay Porta
NOT-FOR-US: Liferay
CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autoremoval ...)
- zabbix 1:7.0.5+dfsg-1
- [bookworm] - zabbix <not-affected> (Vulnerable code not present)
[bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Internal issue DEV-3902
- NOTE: Introduced in: https://github.com/zabbix/zabbix/commit/07cb267413c6fb0bea1cd087856c29c4788d820f (6.0.22rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f0718 (6.0.34rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/53562f832665e15033062fb489cdaf18356d9eb1 (7.0.4rc1)
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
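Review bot: the kept `[bullseye] - zabbix <not-affected> (Vulnerable code not present)` line loses its visible justification once the `NOTE: Introduced in: ... (6.0.22rc1)` line is removed, because nothing left in the entry says which code is absent from bullseye or why. Consider adding a NOTE that states the basis for the bullseye status. A second NOTE could record that the affected range is still awaiting upstream confirmation, since the commit message says upstream considers the whole 6.0.0 series affected; that would put the open question in data/CVE/list rather than only in the commit log. With the `[bookworm]` line dropped, bookworm is now evaluated against the generic `- zabbix 1:7.0.5+dfsg-1` entry, so it is worth confirming that this interim state is the intended one while the clarification is pending.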
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8db1c57b5b779cce613db3e8f833f1996a8be516