[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2020-7919 as not-affected for golang-1.7,8 in Stretch)

Thorsten Alteholz alteholz at debian.org
Tue Nov 17 15:35:27 GMT 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2826122a by Thorsten Alteholz at 2020-11-17T16:35:00+01:00
mark CVE-2020-7919 as not-affected for golang-1.7,8 in Stretch)

- - - - -
f7e5e169 by Thorsten Alteholz at 2020-11-17T16:35:01+01:00
mark CVE-2020-28367 as ignored for golang-1.7

- - - - -
97ed6ec2 by Thorsten Alteholz at 2020-11-17T16:35:02+01:00
mark CVE-2020-28362 as not-affected for golang-1.7 and golang-1.8 in Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2235,6 +2235,7 @@ CVE-2020-28367
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <ignored> (validation of cgo flags first introduced in golang-1.8)
 	NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
 	NOTE: https://github.com/golang/go/issues/42556
 CVE-2020-28366
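
Review bot: The new `[stretch] - golang-1.7 <ignored>` line leaves golang-1.8 in stretch without a status for CVE-2020-28367, although its own reason says cgo flag validation was first introduced in golang-1.8, and the other two CVEs touched in this push get explicit stretch entries for both 1.7 and 1.8. Please add a `[stretch] - golang-1.8` line with whatever state applies. It would also help to say in the reason why the absence of the validation in 1.7 leads to `<ignored>` rather than another state.
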
@@ -2256,7 +2257,9 @@ CVE-2020-28362
 	- golang-1.15 1.15.5-1
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <not-affected> (Vulnerable code introduced later)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
 	NOTE: https://github.com/golang/go/issues/42552
 CVE-2020-XXXX [slab-out-of-bounds Read in fbcon]
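
Review bot: The reason "Vulnerable code introduced later" on both added `[stretch]` lines does not say in which Go release the code appeared, so the `<not-affected>` claim cannot be checked from the entry alone. The CVE-2020-7919 entries in the same push name the release ("introduced in golang-1.10"); please do the same here, or add a NOTE pointing at the introducing commit.
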
@@ -52838,9 +52841,9 @@ CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/crypto
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in next DSA)
 	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <postponed> (Minor issue)
+	[stretch] - golang-1.8 <not-affected> (cryptobyte stuff introduced in golang-1.10)
 	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <postponed> (Minor issue)
+	[stretch] - golang-1.7 <not-affected> (cryptobyte stuff introduced in golang-1.10)
 	- golang <removed>
 	NOTE: https://github.com/golang/go/issues/36837
 	NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
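
Review bot: In both changed `[stretch]` lines the reason "cryptobyte stuff introduced in golang-1.10" is too informal for a tracker entry that moves a package from `<postponed>` to `<not-affected>`. Please name the affected package as the CVE description does and state that it is absent from the 1.7 and 1.8 source trees, so the claim can be checked against the fix commit already listed in the NOTE lines.
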



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d54b0200f05171dbe25c54c26cdd9d853d691d09...97ed6ec2d472fbc07b3b45751c60378ffc8584ad
