Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2cba6d0a by Tobias Frost at 2024-09-15T15:21:00+02:00 CVE-2024-36462/zabbix - add upstream patch reference Problem Upstream Ticket: https://support.zabbix.com/browse/ZBX-25018 -> Upstream Changelog Entry: .......PS. [ZBX-25018] removed direct pointer access in custom javascript objects (wiper) Git Log reveals this is upstream dev ticket DEV-3755, which has been merged with commit 9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (first seen in tag 7.0.1rc1) and b370b845cc4683896e65a93fe81f1204ccf62ba5 (first seen in tag 6.0.31rc1) 5.0.x seems to be affected too, but not fixed upstream. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8209,6 +8209,8 @@ CVE-2024-36462 (Uncontrolled resource consumption refers to a software vulnerabi CVE-2024-36461 (Within Zabbix, users have the ability to directly modify memory pointe ...) - zabbix 1:7.0.1+dfsg-1 (bug #1078553) NOTE: https://support.zabbix.com/browse/ZBX-25018 + NOTE: fix: https://github.com/zabbix/zabbix/commit/9aa4ab73c76a2395769ac1ec88a453a3066f0e79 (7.0.x) + NOTE: fix: https://github.com/zabbix/zabbix/commit/b370b845cc4683896e65a93fe81f1204ccf62ba5 (6.0.x) CVE-2024-36460 (The front-end audit log allows viewing of unprotected plaintext passwo ...) - zabbix 1:7.0.1+dfsg-1 (bug #1078553) NOTE: https://support.zabbix.com/browse/ZBX-25017 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cba6d0af84e2404bb2e287718b66d29d7e075d4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2cba6d0af84e2404bb2e287718b66d29d7e075d4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
