[Git][security-tracker-team/security-tracker][master] Add information for CVE-2018-1714{2,3}/golang-golang-x-net-dev

Salvatore Bonaccorso carnil at debian.org
Sat Sep 29 08:22:04 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbef5dbb by Salvatore Bonaccorso at 2018-09-29T07:15:51Z
Add information for CVE-2018-1714{2,3}/golang-golang-x-net-dev

Further investigation needs to be done to see if the issues are only
introduced with the mentioned adding "in template" insertion mode
support. If so the vulnerable code would be introduced later than in any
version currently in sid, testing, stretch and jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1314,9 +1314,17 @@ CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.1
 	- litecoin 0.16.3-1
 	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
 CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
-	TODO: check, in golang-golang-x-net-dev?
+	- golang-golang-x-net-dev <unfixed>
+	- golang-go.net-dev <removed>
+	NOTE: https://github.com/golang/go/issues/27704
+	NOTE: https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908
+	TODO: check, issue possibly only introduced with the 500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion mode support)
 CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
-	TODO: check, in golang-golang-x-net-dev?
+	- golang-golang-x-net-dev <unfixed>
+	- golang-go.net-dev <removed>
+	NOTE: https://github.com/golang/go/issues/27702
+	NOTE: https://github.com/golang/net/commit/cf3bd585ca2a5a21b057abd8be7eea2204af89d0
+	TODO: check, issue possibly only introduced with the 500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion mode support)
 CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute ...)
 	{DSA-4298-1 DLA-1515-1}
 	- hylafax 3:6.0.6-8.1 (bug #909161)
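Review bot: In both the CVE-2018-17143 and CVE-2018-17142 entries, `- golang-golang-x-net-dev <unfixed>` is recorded while the TODO on the last added line of each entry still leaves open whether the packaged versions contain the vulnerable code at all. Once the check against commit 500e7a4f953ddaf55d316b4d3adc516aa0379622 is done, the TODO should be dropped in both entries, and if the code turns out to have been introduced later than any version in the archive, the `<unfixed>` status should be replaced by a not-affected entry that states the reason. The suspected introducing commit is given only as a bare hash inside the TODO, whereas the other commits are full URLs in NOTE lines; moving it to its own NOTE line with the repository named would make the pending check easier to follow up.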



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbef5dbb3412c7130e71fe129cfaf1559c295cd3
