[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-33953 as postponed for Buster

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat Aug 19 23:36:46 BST 2023



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4cf9587 by Thorsten Alteholz at 2023-08-20T00:12:49+02:00
mark CVE-2023-33953 as postponed for Buster

- - - - -
1d2c4770 by Thorsten Alteholz at 2023-08-20T00:18:35+02:00
add firmware-nonfree

- - - - -
e609abc6 by Thorsten Alteholz at 2023-08-20T00:30:27+02:00
mark CVE-2023-40303 as no-dsa for Buster

- - - - -
2bc0891c by Thorsten Alteholz at 2023-08-20T00:33:27+02:00
mark CVE-2023-38857 and CVE-2023-38858 as postponed for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -554,11 +554,13 @@ CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote a
 	- faad2 <unfixed> (bug #1050095)
 	[bookworm] - faad2 <no-dsa> (Minor issue)
 	[bullseye] - faad2 <no-dsa> (Minor issue)
+	[buster] - faad2 <postponed> (recheck when fixed upstream)
 	NOTE: https://github.com/knik0/faad2/issues/173
 CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
 	- faad2 <unfixed> (bug #1050094)
 	[bookworm] - faad2 <no-dsa> (Minor issue)
 	[bullseye] - faad2 <no-dsa> (Minor issue)
+	[buster] - faad2 <postponed> (recheck when fixed upstream)
 	NOTE: https://github.com/knik0/faad2/issues/171
 CVE-2023-38856 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
 	- r-cran-readxl <unfixed> (unimportant)
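Review bot: the two added [buster] lines for faad2 give only "recheck when fixed upstream" as the reason, while the bookworm and bullseye lines directly above each of them classify the same issue as "Minor issue", so the severity assessment is not recorded for buster. Consider carrying it in the reason, for example `[buster] - faad2 <postponed> (Minor issue, recheck when fixed upstream)`, so the basis for postponing is visible without reading the neighbouring suites.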
@@ -703,6 +705,7 @@ CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation because
 	- inetutils <unfixed> (bug #1049365)
 	[bookworm] - inetutils <no-dsa> (Minor issue)
 	[bullseye] - inetutils <no-dsa> (Minor issue)
+	[buster] - inetutils <no-dsa> (Minor issue)
 	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
 CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in R ...)
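Review bot: the added [buster] line for inetutils copies the "Minor issue" reason from bookworm and bullseye, but the NOTE directly below it already links an upstream commit, and nothing in the entry says whether that commit was checked against the buster version. A short NOTE stating whether the buster source is affected and whether the commit applies would document the no-dsa decision.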
@@ -1259,6 +1262,7 @@ CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote atta
 	NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
 	- grpc <unfixed>
+	[buster] - grpc <postponed> (recheck when upstream patch is available/published)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
 	NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
 CVE-2023-33469 (In instances where the screen is visible and remote mouse connection i ...)
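Review bot: the added [buster] line for grpc makes the recheck depend on an upstream patch being "available/published", but the entry has no bug number and its two NOTE lines point only to a Red Hat Bugzilla entry and a Google Cloud bulletin, so there is no upstream reference to watch for that condition. Add a NOTE with the upstream issue or commit once it is known. The reason wording also differs from the faad2 lines added in the same push ("recheck when fixed upstream"); using one phrasing makes postponed entries easier to grep.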


=====================================
data/dla-needed.txt
=====================================
@@ -47,6 +47,9 @@ dogecoin
   NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix;
   NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk)
 --
+firmware-nonfree
+  NOTE: 20230820: Added by Front-Desk (ta)
+--
 flask (Sean Whitton)
   NOTE: 20230811: Added by Front-Desk (Beuc)
   NOTE: 20230811: Check DSA-5442-1 (Beuc/front-desk)
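Review bot: the new firmware-nonfree entry carries only "Added by Front-Desk (ta)" and does not say which CVEs or which advisory triggered it, whereas the flask entry right below it adds a pointer ("Check DSA-5442-1"). Add a second NOTE line naming the CVEs or the DSA to compare against, so whoever claims the package knows the scope.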



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a2906605c03b2deeff3b845c825356e2835148f0...2bc0891c47c21b59ebbaf61a6ffe841ccc906836
