[Git][security-tracker-team/security-tracker][master] 3 commits: Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 3 20:28:14 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c622b92 by Shengjing Zhu at 2021-12-04T01:19:00+08:00
Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

- - - - -
b2a625df by Salvatore Bonaccorso at 2021-12-03T21:25:47+01:00
Update status for CVE-2021-41772

- - - - -
4575aa25 by Salvatore Bonaccorso at 2021-12-03T20:28:03+00:00
Merge branch 'zhsj/golang-1.15' into 'master'

Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

See merge request security-tracker-team/security-tracker!97
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9984,12 +9984,13 @@ CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web applicatio
 CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
 	- golang-1.17 1.17.3-1
 	- golang-1.16 1.16.10-1
-	- golang-1.15 <unfixed>
-	- golang-1.11 <removed>
-	- golang-1.8 <removed>
-	- golang-1.7 <removed>
+	- golang-1.15 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+	- golang-1.11 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+	- golang-1.8 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+	- golang-1.7 <not-affected> (Vulnerable code introduced later in go1.16beta1)
 	NOTE: https://github.com/golang/go/issues/48085
 	NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+	NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1)
 	NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
 	NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
 CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
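Review bot: the four new `<not-affected>` lines for golang-1.15, 1.11, 1.8 and 1.7 rest on a single fact, that the introducing commit first shipped in go1.16beta1, and they repeat the same parenthetical four times while the evidence sits in the new "Introduced in:" NOTE. Since golang-1.15 moves from `<unfixed>` to `<not-affected>` on that basis alone, it would help to say in the NOTE or the commit message that the packaged 1.15 source was checked and does not carry the introducing change, so the status can be audited from the entry itself.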
@@ -18308,6 +18309,7 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to bl
 CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
 	- golang-1.17 1.17.2-1
 	- golang-1.16 1.16.9-1
+	- golang-1.15 <unfixed>
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <no-dsa> (Minor issue)
 	- golang-1.8 <not-affected> (Vulnerable code not present)
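Review bot: the added `- golang-1.15 <unfixed>` line for CVE-2021-38297 comes with no release-specific triage line, unlike golang-1.11 two lines below, which has `[buster] - golang-1.11 <no-dsa> (Minor issue)`. If the same assessment applies to the release that ships golang-1.15, add the matching bracketed `<no-dsa>` line in this change; otherwise a short NOTE on whether a fix is planned for 1.15 would explain why the entry is left open.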



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9d1cfaa3a9ac4927f929321dbf4a96a733cdfbd...4575aa25acca8fa53e69e22c9007bc272a139b29
