[Git][security-tracker-team/security-tracker][master] golang-golang-x-net-dev, golang-github-seccomp-libseccomp-golang fixed
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 30 12:50:58 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35a0c324 by Moritz Muehlenhoff at 2019-04-30T11:50:28Z
golang-golang-x-net-dev, golang-github-seccomp-libseccomp-golang fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -233,7 +233,7 @@ CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership
- snapd <unfixed> (bug #928052)
NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
- - golang-github-seccomp-libseccomp-golang <unfixed> (bug #927981)
+ - golang-github-seccomp-libseccomp-golang 0.9.0-2 (bug #927981)
NOTE: https://github.com/seccomp/libseccomp-golang/issues/22
NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
CVE-2019-11501
@@ -35025,21 +35025,21 @@ CVE-2018-17850
CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Up ...)
NOT-FOR-US: Navigate CMS
CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
- - golang-golang-x-net-dev <unfixed> (low; bug #911795)
+ - golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
- golang-go.net-dev <removed>
[jessie] - golang-go.net-dev <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/27846
NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
- - golang-golang-x-net-dev <unfixed> (low; bug #911795)
+ - golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
- golang-go.net-dev <removed>
[jessie] - golang-go.net-dev <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/27846
NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
- - golang-golang-x-net-dev <unfixed> (bug #911795)
+ - golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
[stretch] - golang-golang-x-net-dev <not-affected> (Vulnerable code not present)
- golang-go.net-dev <removed>
[jessie] - golang-go.net-dev <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a0c324f22ad883c5d66320f5fd4fb47ffabdc2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a0c324f22ad883c5d66320f5fd4fb47ffabdc2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190430/09cc79bd/attachment.html>
More information about the debian-security-tracker-commits
mailing list