[Git][security-tracker-team/security-tracker][master] Track fixed versions for golang-go.crypto via unstable

Thu Feb 27 08:05:49 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62f2fda3 by Salvatore Bonaccorso at 2020-02-27T09:05:19+01:00
Track fixed versions for golang-go.crypto via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,7 +314,7 @@ CVE-2020-9285
 CVE-2020-9284
 	RESERVED
 CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
-	- golang-go.crypto <unfixed> (bug #952462)
+	- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
 	[buster] - golang-go.crypto <no-dsa> (Minor issue)
 	[stretch] - golang-go.crypto <no-dsa> (Minor issue)
 	[jessie] - golang-go.crypto <no-dsa> (Minor issue)
@@ -45199,14 +45199,14 @@ CVE-2019-11843
 	RESERVED
 CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
 	{DLA-1920-1}
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
 	NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
 	NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
 	NOTE: but not the first ("ignores the value of [the Hash] header"), as hinted at reporter's 2019-05-09 note:
 	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
 	{DLA-1840-1}
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
 	NOTE: https://github.com/golang/go/issues/30965
 	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
 	NOTE: https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f2fda30310c135aabf9c81cce0d1cb77f311e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f2fda30310c135aabf9c81cce0d1cb77f311e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200227/918deeaf/attachment.html>
