[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Aug 20 16:06:54 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2731639a by Moritz Muehlenhoff at 2023-08-20T17:06:29+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1270,6 +1270,8 @@ CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote atta
 	NOT-FOR-US: CSZCMS
 CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
 	- grpc <unfixed>
+	[bookworm] - grpc <no-dsa> (Minor issue)
+	[bullseye] - grpc <no-dsa> (Minor issue)
 	[buster] - grpc <postponed> (recheck when upstream patch is available/published)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
 	NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
@@ -14726,6 +14728,8 @@ CVE-2023-30578
 	RESERVED
 CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...)
 	- amanda <unfixed>
+	[bookworm] - amanda <no-dsa> (Minor issue)
+	[bullseye] - amanda <no-dsa> (Minor issue)
 	NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
 	NOTE: https://github.com/zmanda/amanda/pull/228
 CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
@@ -17923,6 +17927,7 @@ CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that co
 CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...)
 	- golang-1.20 1.20.7-1
 	- golang-1.19 1.19.12-1
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
@@ -63673,6 +63678,7 @@ CVE-2022-41715 (Programs which compile regular expressions from untrusted source
 	- golang-1.18 1.18.7-1
 	- golang-1.17 <unfixed>
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	NOTE: https://go.dev/issue/55949
@@ -214441,6 +214447,7 @@ CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functiona
 	NOT-FOR-US: United Planet Intrexx Professional
 CVE-2020-24187 (An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0 ...)
 	- iotjs <removed>
+	[bullseye] - iotjs <ignored> (Minor issue)
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4076
 CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz  ...)
 	NOT-FOR-US: gVectors wpDiscuz plugin for WordPress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230820/2a14af75/attachment.htm>

More information about the debian-security-tracker-commits mailing list