CVE-2022-23133/zabbix: stretch not-affected

author: Sylvain Beucler <beuc@beuc.net> 2022-02-04 14:45:01 +0100
committer: Sylvain Beucler <beuc@beuc.net> 2022-02-04 14:45:50 +0100
commit: b954ce84d07609fb033dec8ce720ebd00781147c (patch)
tree: 9accb3e66b5e15cf29e0425e39a850a323090117 /data
parent: d0ea97c65dbc059201fa92da058d128a8eb11f6b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index b042d3aba0..9315f8cdcb 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4501,8 +4501,10 @@ CVE-2022-23134 (After the initial setup process, some steps of setup.php file ar
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
 CVE-2022-23133 (An authenticated user can create a hosts group from the configuration  ...)
 	- zabbix <unfixed>
+	[stretch] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
 	NOTE: https://support.zabbix.com/browse/ZBX-20388
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)
+	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3)
 CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
 	- zabbix <unfixed>
 	[stretch] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)
author	Sylvain Beucler <beuc@beuc.net>	2022-02-04 14:45:01 +0100
committer	Sylvain Beucler <beuc@beuc.net>	2022-02-04 14:45:50 +0100
commit	b954ce84d07609fb033dec8ce720ebd00781147c (patch)
tree	9accb3e66b5e15cf29e0425e39a850a323090117 /data
parent	d0ea97c65dbc059201fa92da058d128a8eb11f6b (diff)