| Message ID | 20260401083323.399106-2-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-oe,1/2] zabbix: upgrade 7.0.23 -> 7.0.24 | expand |
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb index 330dd1e943..ecd7802326 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb @@ -77,3 +77,7 @@ FILES:${PN} += "${libdir}" RDEPENDS:${PN} = "logrotate" CVE_STATUS[CVE-2026-23925] = "fixed-version: fixed since 7.0.18" +CVE_STATUS[CVE-2026-23919] = "fixed-version: fixed since 7.0.19" +CVE_STATUS[CVE-2026-23920] = "fixed-version: fixed since 7.0.22" +CVE_STATUS[CVE-2026-23921] = "fixed-version: fixed since 7.0.22" +CVE_STATUS[CVE-2026-23923] = "cpe-incorrect: 7.0 versions don't have the vulnerable code"
CVE-2026-23919: Has been fixed since version 7.0.19[1], mark it as patched CVE-2026-23920: Has been fixed since version 7.0.22[2], mark it as patched CVE-2026-23921: Has been fixed since version 7.0.22[3], mark it as patched CVE-2026-23923: The vulnerable code isn't present in 7.0 yet, it is specific to 7.4 versions. Compare the fix[4] in 7.4, which is changes code that doesn't exist in the recipe version. Ignore this CVE due to this. [1]: https://support.zabbix.com/browse/ZBX-27638 [2]: https://support.zabbix.com/browse/ZBX-27639 [3]: https://support.zabbix.com/browse/ZBX-27640 [4]: https://github.com/zabbix/zabbix/commit/043c28c2083bf8ea596966f2b6b51a26de7deca3 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb | 4 ++++ 1 file changed, 4 insertions(+)