[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2

Salvatore Bonaccorso carnil at debian.org
Sun Feb 28 12:26:24 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bc4cdd8 by Salvatore Bonaccorso at 2021-02-28T13:25:47+01:00
Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21910,12 +21910,13 @@ CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does no
 	NOTE: https://github.com/golang/go/issues/43168
 	NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
 CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...)
-	- golang-1.15 <unfixed>
-	- golang-1.11 <removed>
-	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
-	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+	- golang-github-russellhaering-gosaml2 <itp> (bug #948190)
+	- golang-1.15 <unfixed> (unimportant)
+	- golang-1.11 <removed> (unimportant)
+	- golang-1.8 <removed> (unimportant)
+	- golang-1.7 <removed> (unimportant)
+	NOTE: Golang upstream does not consider the issue to be fixable in Go, instread
+	NOTE: shifts responsibility to saml packages.
 	NOTE: https://github.com/golang/go/issues/43168
 	NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
 	NOTE: https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bc4cdd8e6116c9aa10b8695284a39d0a18c4b4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bc4cdd8e6116c9aa10b8695284a39d0a18c4b4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210228/1715e3ab/attachment.htm>

More information about the debian-security-tracker-commits mailing list