[Git][security-tracker-team/security-tracker][master] Associate some older CVEs with brpc, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 13 09:57:04 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5f3507d by Salvatore Bonaccorso at 2025-08-13T10:56:37+02:00
Associate some older CVEs with brpc, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -165079,7 +165079,7 @@ CVE-2024-23764 (Certain WithSecure products allow Local Privilege Escalation. Th
 CVE-2024-23660 (The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844f ...)
 	NOT-FOR-US: Binance Trust Wallet app for iOS
 CVE-2024-23452 (Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1. ...)
-	NOT-FOR-US: Apache bRPC
+	- brpc <itp> (bug #1060006)
 CVE-2024-22836 (An OS command injection vulnerability exists in Akaunting v3.1.3 and e ...)
 	NOT-FOR-US: Akaunting
 CVE-2024-22795 (Insecure Permissions vulnerability in Forescout SecureConnector v.11.3 ...)
@@ -186648,7 +186648,7 @@ CVE-2023-45898 (The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ex
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/768d612f79822d30a1e7d132a4d4b05337ce42ec (6.6-rc1)
 CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows  ...)
-	NOT-FOR-US: Apache bRPC
+	- brpc <itp> (bug #1060006)
 CVE-2023-45580 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
@@ -208951,7 +208951,7 @@ CVE-2023-31040
 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms allows at ...)
-	NOT-FOR-US: Apache bRPC
+	- brpc <itp> (bug #1060006)
 CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send log mess ...)
 	[experimental] - log4cxx 1.1.0-1~exp1
 	- log4cxx 1.1.0-1 (unimportant)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5f3507d91c7cccfe9fb48d7120c120a04682b94

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5f3507d91c7cccfe9fb48d7120c120a04682b94
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250813/c1166bb1/attachment.htm>

More information about the debian-security-tracker-commits mailing list