[Git][security-tracker-team/security-tracker][master] Update CVE-2023-1428 for all suites

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 26 21:18:21 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a76c616 by Salvatore Bonaccorso at 2023-07-26T22:16:32+02:00
Update CVE-2023-1428 for all suites

LTS triage by Sylvain Beucler confirmed the introductory commit to be in
1.52.0-pre1, and no Debian version contains yet the vulnerable code.
Update the entry following the pinpointing of the issue.

Thanks: Sylvain Beucler for researching the intorducing commit.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17826,11 +17826,8 @@ CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress  plugin for Wo
 CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
 	NOT-FOR-US: pimcore
 CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...)
-	- grpc <unfixed>
-	[bookworm] - grpc <no-dsa> (Minor issue)
-	[bullseye] - grpc <no-dsa> (Minor issue)
-	[buster] - grpc <not-affected> (Vulnerable maxsize handler introduced later)
-	NOTE: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 (v1.54.0-pre1)
+	- grpc <not-affected> (Vulnerable maxsize handler introduced later)
+	NOTE: Fixed by: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 (v1.54.0-pre1)
 	NOTE: Introduced by: https://github.com/grpc/grpc/commit/b2b70515583fe18e36c7e70b265808fa3154f734 (v1.52.0-pre1)
 CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a76c616ff1834e86592a9811ef93317fae1ec74

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a76c616ff1834e86592a9811ef93317fae1ec74
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230726/1a6949af/attachment.htm>

More information about the debian-security-tracker-commits mailing list