Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: b274c509 by Tobias Frost at 2024-12-07T08:48:05+01:00 CVE-2024-36466/zabbix not affecting bullseye With https://github.com/zabbix/zabbix/commit/24e7ca3c792fe3581fdb39c3f7c914c6a4c92500 upstream introduced storing sessions in cookies, which is the vulnerable feature. This commit is first seen in 6.0.0alpha1. Accordingly, Bookworm is vulnerable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1895,9 +1895,11 @@ CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities i NOT-FOR-US: Fuji CVE-2024-36466 (A bug in the code allows an attacker to sign a forged zbx_session cook ...) - zabbix 1:7.0.1+dfsg-1 + [bullseye] - zabbix <not-affected> (Vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-25635 NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/6e39148b7361312f730d87e4438f692a2c39d07e (7.0.1rc1) NOTE: Fixed by: https://github.com/zabbix/zabbix/commit/48e7615d1e1e3a5f543505cc6cb0a5564a655b58 (6.0.32rc1) + NOTE: Vulnerable feature introduced with https://github.com/zabbix/zabbix/commit/24e7ca3c792fe3581fdb39c3f7c914c6a4c92500 (6.0.0alpha1) CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overfl ...) NOT-FOR-US: Fuji CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable to privi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b274c509cc78d72eb2540ae2256c7cbcad68093e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b274c509cc78d72eb2540ae2256c7cbcad68093e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
