Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2731639a by Moritz Muehlenhoff at 2023-08-20T17:06:29+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1270,6 +1270,8 @@ CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote atta NOT-FOR-US: CSZCMS CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...) - grpc <unfixed> + [bookworm] - grpc <no-dsa> (Minor issue) + [bullseye] - grpc <no-dsa> (Minor issue) [buster] - grpc <postponed> (recheck when upstream patch is available/published) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890 NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022 @@ -14726,6 +14728,8 @@ CVE-2023-30578 RESERVED CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...) - amanda <unfixed> + [bookworm] - amanda <no-dsa> (Minor issue) + [bullseye] - amanda <no-dsa> (Minor issue) NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3 NOTE: https://github.com/zmanda/amanda/pull/228 CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...) @@ -17923,6 +17927,7 @@ CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that co CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...) - golang-1.20 1.20.7-1 - golang-1.19 1.19.12-1 + [bookworm] - golang-1.19 <no-dsa> (Minor issue) - golang-1.15 <removed> [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> @@ -63673,6 +63678,7 @@ CVE-2022-41715 (Programs which compile regular expressions from untrusted source - golang-1.18 1.18.7-1 - golang-1.17 <unfixed> - golang-1.15 <removed> + [bullseye] - golang-1.15 <no-dsa> (Minor issue) - golang-1.11 <removed> [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases) NOTE: https://go.dev/issue/55949 @@ -214441,6 +214447,7 @@ CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functiona NOT-FOR-US: United Planet Intrexx Professional CVE-2020-24187 (An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0 ...) - iotjs <removed> + [bullseye] - iotjs <ignored> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4076 CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...) NOT-FOR-US: gVectors wpDiscuz plugin for WordPress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits