bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 20 Aug 2023 08:07:01 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2731639a by Moritz Muehlenhoff at 2023-08-20T17:06:29+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1270,6 +1270,8 @@ CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 
1.3.0 allows remote atta
        NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table 
accounting error ...)
        - grpc <unfixed>
+       [bookworm] - grpc <no-dsa> (Minor issue)
+       [bullseye] - grpc <no-dsa> (Minor issue)
        [buster] - grpc <postponed> (recheck when upstream patch is 
available/published)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
        NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
@@ -14726,6 +14728,8 @@ CVE-2023-30578
        RESERVED
 CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) 
before tag- ...)
        - amanda <unfixed>
+       [bookworm] - amanda <no-dsa> (Minor issue)
+       [bullseye] - amanda <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
        NOTE: https://github.com/zmanda/amanda/pull/228
 CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to 
reference a free ...)
@@ -17923,6 +17927,7 @@ CVE-2023-29410 (A CWE-20: Improper Input Validation 
vulnerability exists that co
 CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a 
client/serv ...)
        - golang-1.20 1.20.7-1
        - golang-1.19 1.19.12-1
+       [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
@@ -63673,6 +63678,7 @@ CVE-2022-41715 (Programs which compile regular 
expressions from untrusted source
        - golang-1.18 1.18.7-1
        - golang-1.17 <unfixed>
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        NOTE: https://go.dev/issue/55949
@@ -214441,6 +214447,7 @@ CVE-2020-24188 (Cross-site scripting (XSS) 
vulnerability in the search functiona
        NOT-FOR-US: United Planet Intrexx Professional
 CVE-2020-24187 (An issue was discovered in ecma-helpers.c in jerryscript 
version 2.3.0 ...)
        - iotjs <removed>
+       [bullseye] - iotjs <ignored> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/4076
 CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors 
wpDiscuz  ...)
        NOT-FOR-US: gVectors wpDiscuz plugin for WordPress



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Reply via email to