[Git][security-tracker-team/security-tracker][master] Track fixed version for zabbix issues in last unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 24 08:53:46 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a45fd1c3 by Salvatore Bonaccorso at 2026-01-24T09:52:57+01:00
Track fixed version for zabbix issues in last unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42773,7 +42773,7 @@ CVE-2025-49844 (Redis is an open source, in-memory database that persists on dis
NOTE: https://github.com/redis/redis/commit/02b16202a30f619628305ed89d3ae7700c280793 (8.0.4)
NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
CVE-2025-49641 (A regular Zabbix user with no permission to the Monitoring -> Problems ...)
- - zabbix <unfixed> (bug #1117448)
+ - zabbix 1:7.0.22+dfsg-1 (bug #1117448)
[trixie] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
[bookworm] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
[bullseye] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
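Review bot: The 1:7.0.22+dfsg-1 value on the CVE-2025-49641 line cannot be checked against anything in this hunk, because the visible context carries no "Fixed in" or "Fixed by" NOTE for this CVE. If the entry does not already have one further down, consider adding a NOTE with the upstream fixed release, in the style of the "Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1" line on the CVE-2025-27236 entry.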
@@ -42861,7 +42861,7 @@ CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuratio
- zabbix <not-affected> (Only affects Zabbix Agent and Agent2 on Windows)
NOTE: https://support.zabbix.com/browse/ZBX-27061
CVE-2025-27236 (A regular Zabbix user can search other users in their user group via Z ...)
- - zabbix <unfixed> (bug #1117448)
+ - zabbix 1:7.0.22+dfsg-1 (bug #1117448)
[trixie] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
[bookworm] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
[bullseye] - zabbix <ignored> (The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558)
@@ -42873,7 +42873,7 @@ CVE-2025-27236 (A regular Zabbix user can search other users in their user group
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/bdfa09b08bb4a5434e40e54776f3be6e615a83b3 (7.4.1rc1)
NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but a Supe ...)
- - zabbix <unfixed> (bug #1117448)
+ - zabbix 1:7.0.22+dfsg-1 (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27062
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/32ec2f59007abd5f4bae9b5c7a7f056e8d128776 (6.0.41rc1)
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/4579a2432cab92b0ef61f0047c2446b9f77df342 (7.0.18rc1)
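Review bot: The CVE-2025-27231 entry has no [trixie], [bookworm] or [bullseye] lines between the changed package line and its NOTEs, so with unstable marked fixed the stable releases are still tracked as open. If this is treated as another web UI issue, it may want the same <ignored> annotations (#1124558) used for CVE-2025-49641 and CVE-2025-27236; otherwise a per-release triage line would make the status explicit. The version itself agrees with the 7.0.18rc1 fix commit in the NOTE below the change.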
@@ -51866,7 +51866,7 @@ CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autore
NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/53562f832665e15033062fb489cdaf18356d9eb1 (7.0.4rc1)
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
- - zabbix <unfixed> (bug #1117448)
+ - zabbix 1:7.0.22+dfsg-1 (bug #1117448)
[bookworm] - zabbix <not-affected> (Vulnerable code not present)
[bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26988
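Review bot: On CVE-2025-27238 the [bookworm] and [bullseye] lines say <not-affected>, but there is no [trixie] line, so trixie stays open after unstable is marked fixed in 1:7.0.22+dfsg-1. Worth confirming whether trixie needs its own status line here. The only NOTE visible for this CVE is the ZBX-26988 link, so a "Fixed in" NOTE naming the upstream 7.0.x release would also help if the entry lacks one.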
@@ -51891,7 +51891,7 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.
NOTE: Fixed by [7/8]: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3d471b650f133c43935f7db38cf277122d253a3a (5.0.47rc1)
NOTE: Fixed by [8/8]: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/d18935be5fadca6c85ce0a715ce85e757d1dc80b (5.0.47rc1)
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
- - zabbix <unfixed> (bug #1117448)
+ - zabbix 1:7.0.22+dfsg-1 (bug #1117448)
[bullseye] - zabbix <not-affected> (Vulnerable code not present, CVE-2025-27234 specific for the 5.0.x codebase)
NOTE: https://support.zabbix.com/browse/ZBX-26987
NOTE: Internal issue DEV-4211 (relates to CVE-2025-27234 for 5.0.x codebase)
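Review bot: CVE-2025-27233 has only a [bullseye] <not-affected> line under the changed package line, which leaves trixie and bookworm without an explicit status now that unstable is fixed. Since the bullseye annotation says CVE-2025-27234 is the 5.0.x counterpart, it would be good to confirm which of the remaining releases ship the affected Agent 2 smartctl plugin code and record that on per-release lines.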
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a45fd1c3d6779c9f63cda23e854e3defec30c6f0