[Git][security-tracker-team/security-tracker][master] CVE-2025-27240/zabbix
Bastien Roucariès (@rouca)
rouca at debian.org
Mon Oct 20 19:05:17 BST 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
606adcf8 by Bastien Roucariès at 2025-10-20T20:03:52+02:00
CVE-2025-27240/zabbix
Add internal bug id (found by history) and commit that fix found by matching this id
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14578,6 +14578,9 @@ CVE-2025-43787 (A Stored cross-site scripting vulnerability in the Liferay Porta
CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autoremoval ...)
- zabbix 1:7.0.5+dfsg-1
NOTE: https://support.zabbix.com/browse/ZBX-26986
+ NOTE: Internal issue DEV-3902
+ NOTE: Fixed by merge commit https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f0718 (6.0.34rc1)
+ NOTE: Fixed by commit https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f071853562f832665e15033062fb489cdaf18356d9eb1 (7.0.4rc1)
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
- zabbix <unfixed> (bug #1117448)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606adcf8a8b333c9b1ef615f27442f75b07ca856
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606adcf8a8b333c9b1ef615f27442f75b07ca856
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251020/9c9a83a3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list