Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8db1c57b by Salvatore Bonaccorso at 2025-12-06T10:42:10+01:00
Partially revert "lts: zabbix/CVE-2025-27240 not affecting Bookworm or Bullseye"
This reverts commit 67523000c6aa35918d9196ce6efbaba2425a4aa7.
Upstream considers the issue affecting the whole 6.0.0 starting series,
so this needs more clarifications yet.
Keep the bullseye related tracking from the update.
Daniel, can you try to get an explicit confirmation from upstream?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28475,11 +28475,9 @@ CVE-2025-43787 (A Stored cross-site scripting
vulnerability in the Liferay Porta
NOT-FOR-US: Liferay
CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the
autoremoval ...)
- zabbix 1:7.0.5+dfsg-1
- [bookworm] - zabbix <not-affected> (Vulnerable code not present)
[bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Internal issue DEV-3902
- NOTE: Introduced in:
https://github.com/zabbix/zabbix/commit/07cb267413c6fb0bea1cd087856c29c4788d820f
(6.0.22rc1)
NOTE: Fixed by:
https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f0718
(6.0.34rc1)
NOTE: Fixed by:
https://github.com/zabbix/zabbix/commit/53562f832665e15033062fb489cdaf18356d9eb1
(7.0.4rc1)
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
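Review bot: Removing the "Introduced in: ... (6.0.22rc1)" NOTE together with the [bookworm] line leaves the retained "[bullseye] - zabbix <not-affected> (Vulnerable code not present)" entry with no recorded basis in the file, and the open question about the affected range now exists only in the commit message. Consider adding a NOTE to this entry stating that upstream considers the whole series starting at 6.0.0 affected and that confirmation is pending, or keeping the introducing-commit reference in a NOTE marked as unconfirmed. That way the bookworm status does not silently fall back to the "- zabbix 1:7.0.5+dfsg-1" line without explanation, and the next triager can see why the bullseye line was kept.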
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8db1c57b5b779cce613db3e8f833f1996a8be516
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits