[Git][security-tracker-team/security-tracker][master] bullseye/bookworm triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7dace96e by Moritz Muehlenhoff at 2023-07-16T19:59:28+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -657,6 +657,7 @@ CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerabil
 	NOT-FOR-US: Schneider Electric
 CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
 	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2505
 	NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
@@ -1546,6 +1547,7 @@ CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been
 	NOT-FOR-US: ThinuTech ThinuCMS
 CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
 	- gpac <unfixed>
+	[bullseye] - gpac <ignored> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
 	NOTE: https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96
@@ -4368,9 +4370,13 @@ CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulner
 	NOT-FOR-US: Fuel CMS
 CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...)
 	- grpc <unfixed>
+	[bookworm] - grpc <no-dsa> (Minor issue)
+	[bullseye] - grpc <no-dsa> (Minor issue)
 	NOTE: https://github.com/grpc/grpc/pull/32309
 CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped  ...)
 	- grpc <unfixed>
+	[bookworm] - grpc <no-dsa> (Minor issue)
+	[bullseye] - grpc <no-dsa> (Minor issue)
 	NOTE: https://github.com/grpc/grpc/pull/32309
 	NOTE: https://github.com/grpc/grpc/pull/33005
 CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)
@@ -16666,6 +16672,8 @@ CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
 	NOT-FOR-US: pimcore
 CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...)
 	- grpc <unfixed>
+	[bookworm] - grpc <no-dsa> (Minor issue)
+	[bullseye] - grpc <no-dsa> (Minor issue)
 	NOTE: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 (v1.54.0-pre1)
 CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dace96e208c4985be19716090774d0fc4b1a434

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dace96e208c4985be19716090774d0fc4b1a434
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230716/33d35142/attachment.htm>