[Git][security-tracker-team/security-tracker][master] CVE-2018-16873,CVE-2018-16874,CVE-2018-16875/golang-1.7,golang-1.8: track for...

Sylvain Beucler beuc at debian.org
Tue Feb 23 13:43:59 GMT 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b7d9675 by Sylvain Beucler at 2021-02-23T14:42:52+01:00
CVE-2018-16873,CVE-2018-16874,CVE-2018-16875/golang-1.7,golang-1.8: track for stretch, reference regression fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161345,23 +161345,31 @@ CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a
 CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29233
 	NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
 	NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
 CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29231
-	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
-	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
+	NOTE: See CVE-2018-16873 for patches and regression fix
 CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is  ...)
 	- golang-1.11 1.11.3-1
 	- golang-1.10 1.10.6-1
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/29230
 	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
 	NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3)
 	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
 	NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
+	NOTE: https://github.com/golang/go/issues/29241 (regression)
+	NOTE: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656 (1.10.7)
+	NOTE: https://github.com/golang/go/commit/ef209c9eb1216252ee7a59d78156ad9dcccab656 (1.11.4)
 CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
 	{DSA-4454-1 DLA-1694-1}
 	- qemu 1:3.1+dfsg-2 (bug #916397)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7d96759bdecb156d6425a36b316e2e1ef41e50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b7d96759bdecb156d6425a36b316e2e1ef41e50
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210223/82a823d4/attachment.htm>

More information about the debian-security-tracker-commits mailing list