[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Aug 20 16:06:54 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2731639a by Moritz Muehlenhoff at 2023-08-20T17:06:29+02:00
bullseye/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1270,6 +1270,8 @@ CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote atta
NOT-FOR-US: CSZCMS
CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
- grpc <unfixed>
+ [bookworm] - grpc <no-dsa> (Minor issue)
+ [bullseye] - grpc <no-dsa> (Minor issue)
[buster] - grpc <postponed> (recheck when upstream patch is available/published)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
@@ -14726,6 +14728,8 @@ CVE-2023-30578
RESERVED
CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...)
- amanda <unfixed>
+ [bookworm] - amanda <no-dsa> (Minor issue)
+ [bullseye] - amanda <no-dsa> (Minor issue)
NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
NOTE: https://github.com/zmanda/amanda/pull/228
CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
@@ -17923,6 +17927,7 @@ CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that co
CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...)
- golang-1.20 1.20.7-1
- golang-1.19 1.19.12-1
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
@@ -63673,6 +63678,7 @@ CVE-2022-41715 (Programs which compile regular expressions from untrusted source
- golang-1.18 1.18.7-1
- golang-1.17 <unfixed>
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://go.dev/issue/55949
@@ -214441,6 +214447,7 @@ CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functiona
NOT-FOR-US: United Planet Intrexx Professional
CVE-2020-24187 (An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0 ...)
- iotjs <removed>
+ [bullseye] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4076
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...)
NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731639a18ec1ab2c4b4975ebf606fa610544a5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230820/2a14af75/attachment.htm>
More information about the debian-security-tracker-commits
mailing list