[Git][security-tracker-team/security-tracker][master] CVE-2024-36460/zabbix

Sun, 15 Sep 2024 06:46:07 -0700 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
160a713b by Tobias Frost at 2024-09-15T15:42:57+02:00
CVE-2024-36460/zabbix

add upstream patches, determined via upstream ticket
https://support.zabbix.com/browse/ZBX-25017 ->
Changelog entry "fixed sensitive data exposure from audit log"
and analysing changes in range of affected version stated upstream
brings dev ticket DEV-3753 and git log --grep finds the commit ids.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8214,6 +8214,11 @@ CVE-2024-36461 (Within Zabbix, users have the ability to 
directly modify memory
 CVE-2024-36460 (The front-end audit log allows viewing of unprotected 
plaintext passwo ...)
        - zabbix 1:7.0.1+dfsg-1 (bug #1078553)
        NOTE: https://support.zabbix.com/browse/ZBX-25017
+       NOTE: patches: 
https://github.com/zabbix/zabbix/commit/37028d9ca96ceb39a13ae32f76e6aaa662bc80ea
 and
+       NOTE:   
https://github.com/zabbix/zabbix/commit/b5361b6481fb2d4dd1e8d87f214bf8ed07c1d247
 (7.0.x)
+       NOTE: patches: 
https://github.com/zabbix/zabbix/commit/b51426d55471dba96b82fb68ce1482692449267b
 and
+       NOTE:   
https://github.com/zabbix/zabbix/commit/171c79ba50b74b238a8e3ac18bd95178f95f656b
 (6.0.x)
+       NOTE: patch: 
https://github.com/zabbix/zabbix/commit/6098bfe16bd4d6616577795b8b2b99597b4fde30
 (5.0.x)
 CVE-2024-32765 (A vulnerability has been reported to affect Network & Virtual 
Switch.  ...)
        NOT-FOR-US: QNAP
 CVE-2024-22123 (Setting SMS media allows to set GSM modem file. Later this 
file is use ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/160a713b14ee591bbd2d27eda2617d0ac8637310

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/160a713b14ee591bbd2d27eda2617d0ac8637310
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to