[Git][security-tracker-team/security-tracker][master] CVE-2025-27236/zabbix

Mon Oct 20 17:38:44 BST 2025


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2db9e107 by Bastien Roucariès at 2025-10-20T18:37:55+02:00
CVE-2025-27236/zabbix

Internal issue found using history commit by git log of this internal issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5652,6 +5652,11 @@ CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuratio
 CVE-2025-27236 (A regular Zabbix user can search other users in their user group via Z ...)
 	- zabbix <unfixed> (bug #1117448)
 	NOTE: https://support.zabbix.com/browse/ZBX-27060
+	NOTE: Internal issue DEV-4295
+	NOTE: Fixed by merge commit https://github.com/zabbix/zabbix/commit/d9404e01005c83e91216caeebcfdbbdcbb64b4d9 (6.0.40rc1)
+	NOTE: Fixed by merge commit https://github.com/zabbix/zabbix/commit/15d30787f648e27a7bbc305a465952c279e971a0 (7.0.17rc1)
+	NOTE: Fixed by merge commit https://github.com/zabbix/zabbix/commit/7f63f05b187b87cf06694de817d93a954de05398 (7.2.11rc1)
+	NOTE: Fixed by merge commit https://github.com/zabbix/zabbix/commit/bdfa09b08bb4a5434e40e54776f3be6e615a83b3 (7.4.1rc1)
 	NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
 CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but a Supe ...)
 	- zabbix <unfixed> (bug #1117448)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2db9e10767fe7c16d54ce560f008294fe49d24f8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2db9e10767fe7c16d54ce560f008294fe49d24f8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251020/80c692b0/attachment.htm>
