[Git][security-tracker-team/security-tracker][master] Add CVE-2018-17075/golang-golang-x-net-dev

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eaa73ae8 by Salvatore Bonaccorso at 2018-09-29T06:45:27Z
Add CVE-2018-17075/golang-golang-x-net-dev

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1487,7 +1487,11 @@ CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is avail
 	[jessie] - gpp <no-dsa> (Minor issue)
 	NOTE: https://github.com/logological/gpp/issues/26
 CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go mishandles ...)
-	TODO: check
+	- golang-golang-x-net-dev <not-affected> (Vulnerable code introduced later)
+	- golang-go.net-dev <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/golang/go/issues/27016
+	NOTE: Fixed by: https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
+	NOTE: Introduced in: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
 CVE-2018-17074 (The Feed Statistics plugin before 4.0 for WordPress has an Open ...)
 	NOT-FOR-US: Feed Statistics plugin for WordPress
 CVE-2018-17073 (wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eaa73ae89deaab6d46a8280a92038205c60cdc2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eaa73ae89deaab6d46a8280a92038205c60cdc2c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180929/d69f0177/attachment.html>