[Git][security-tracker-team/security-tracker][master] Add grpc for CVE-2023-44487 with upstream reference

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 4 22:12:29 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a3f8f0f by Salvatore Bonaccorso at 2024-01-04T23:12:03+01:00
Add grpc for CVE-2023-44487 with upstream reference

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15342,6 +15342,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	- tomcat9 9.0.70-2
 	- tomcat10 10.1.14-1
 	- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
+	- grpc <unfixed>
 	- h2o 2.2.5+dfsg2-8 (bug #1054232)
 	- haproxy 1.8.13-1
 	- nginx 1.24.0-2 (unimportant; bug #1053770)
@@ -15357,6 +15358,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	NOTE: ATS: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
 	NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0)
 	NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.9)
+	NOTE: grpc: https://github.com/grpc/grpc/pull/34763
 	NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe
 	NOTE: dnsdist: h2o change breaks the ABI, hence dnsdist switched to a vendored fix in 1.8.2-2
 	NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a3f8f0fca8af013a6628fc0ea6b0c1a4766d92c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a3f8f0fca8af013a6628fc0ea6b0c1a4766d92c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240104/ea0b7b0b/attachment.htm>

More information about the debian-security-tracker-commits mailing list