[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24553/golang*
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 2 21:48:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
46f86dbb by Salvatore Bonaccorso at 2020-09-02T22:47:58+02:00
Add CVE-2020-24553/golang*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1097,7 +1097,16 @@ CVE-2020-24555
CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...)
NOT-FOR-US: Liferay
CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...)
- TODO: check
+ - golang-1.15 <unfixed>
+ - golang-1.14 <unfixed>
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
+ NOTE: https://github.com/golang/go/issues/40928
+ NOTE: https://github.com/golang/go/issues/41164 (1.14 backport)
+ NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
+ NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552
RESERVED
CVE-2020-24551
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f86dbbcd11ad1c95b1c72af4b447cdebec16d0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f86dbbcd11ad1c95b1c72af4b447cdebec16d0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200902/cf257be5/attachment.html>
More information about the debian-security-tracker-commits
mailing list