[Git][security-tracker-team/security-tracker][master] zabbix triage

Thu Feb 5 19:16:49 GMT 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70bfb6c0 by Moritz Muehlenhoff at 2026-02-05T20:16:13+01:00
zabbix triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46938,6 +46938,8 @@ CVE-2025-27236 (A regular Zabbix user can search other users in their user group
 	NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
 CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but a Supe ...)
 	- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+	[trixie] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
+	[bookworm] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
 	NOTE: https://support.zabbix.com/browse/ZBX-27062
 	NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/32ec2f59007abd5f4bae9b5c7a7f056e8d128776 (6.0.41rc1)
 	NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/4579a2432cab92b0ef61f0047c2446b9f77df342 (7.0.18rc1)
@@ -55924,6 +55926,7 @@ CVE-2025-43787 (A Stored cross-site scripting vulnerability in the Liferay Porta
 	NOT-FOR-US: Liferay
 CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autoremoval  ...)
 	- zabbix 1:7.0.5+dfsg-1
+	[bookworm] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
 	[bullseye] - zabbix <not-affected> (Vulnerable code not present)
 	NOTE: https://support.zabbix.com/browse/ZBX-26986
 	NOTE: Internal issue DEV-3902
@@ -55932,6 +55935,7 @@ CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autore
 	NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
 CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
 	- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+	[trixie] - zabbix <no-dsa> (Minor issue)
 	[bookworm] - zabbix <not-affected> (Vulnerable code not present)
 	[bullseye] - zabbix <not-affected> (Vulnerable code not present)
 	NOTE: https://support.zabbix.com/browse/ZBX-26988
@@ -55957,6 +55961,8 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.
 	NOTE: Fixed by [8/8]: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/d18935be5fadca6c85ce0a715ce85e757d1dc80b (5.0.47rc1)
 CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
 	- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+	[trixie] - zabbix <no-dsa> (Minor issue)
+	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <not-affected> (Vulnerable code not present, CVE-2025-27234 specific for the 5.0.x codebase)
 	NOTE: https://support.zabbix.com/browse/ZBX-26987
 	NOTE: Internal issue DEV-4211 (relates to CVE-2025-27234 for 5.0.x codebase)
@@ -107281,6 +107287,7 @@ CVE-2025-0415 (A remote attacker with web administrator privileges can exploit t
 CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled ...)
 	{DLA-4131-1}
 	- zabbix 1:7.0.10+dfsg-1
+	[bookworm] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-26253
 	NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/c0757920b12922eaafca2abe7318446b5c5fefaa (7.0.10rc1)
 	NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/f3d13f079d9e8764b407876f50fde2f06088ea0d (6.0.39rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bfb6c0595053d86ef38cbb68cee5090dca2e17

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bfb6c0595053d86ef38cbb68cee5090dca2e17
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260205/662bf023/attachment.htm>
