Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e78fce8b by Salvatore Bonaccorso at 2023-08-01T11:33:34+02:00
Sync status for CVE-2023-32731/grpc with findings from triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6028,10 +6028,7 @@ CVE-2023-32732 (gRPC contains a vulnerability whereby a
client can cause a termi
NOTE: https://github.com/grpc/grpc/pull/32309
NOTE: CVE description and fix are sensible, but there seem to be
confusion: https://github.com/grpc/grpc/pull/32309#issuecomment-1589703522
CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it
skipped ...)
- - grpc <unfixed>
- [bookworm] - grpc <no-dsa> (Minor issue)
- [bullseye] - grpc <no-dsa> (Minor issue)
- [buster] - grpc <not-affected> (Vulnerable code introduced later)
+ - grpc <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by:
https://github.com/grpc/grpc/pull/32309#issuecomment-1589561295 (v1.53.0-pre1)
NOTE: Fixed by:
https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
(v1.56.0-pre1)
CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that
enables ea ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78fce8bce7190143d171da14df1451812468135
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e78fce8bce7190143d171da14df1451812468135
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
