[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2023-32731/grpc with findings from triage

Tue Aug 1 10:34:40 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e78fce8b by Salvatore Bonaccorso at 2023-08-01T11:33:34+02:00
Sync status for CVE-2023-32731/grpc with findings from triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6028,10 +6028,7 @@ CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termi
 	NOTE: https://github.com/grpc/grpc/pull/32309
 	NOTE: CVE description and fix are sensible, but there seem to be confusion: https://github.com/grpc/grpc/pull/32309#issuecomment-1589703522
 CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped  ...)
-	- grpc <unfixed>
-	[bookworm] - grpc <no-dsa> (Minor issue)
-	[bullseye] - grpc <no-dsa> (Minor issue)
-	[buster] - grpc <not-affected> (Vulnerable code introduced later)
+	- grpc <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://github.com/grpc/grpc/pull/32309#issuecomment-1589561295 (v1.53.0-pre1)
 	NOTE: Fixed by: https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946 (v1.56.0-pre1)
 CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78fce8bce7190143d171da14df1451812468135

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78fce8bce7190143d171da14df1451812468135
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230801/d3c355f3/attachment.htm>
