[Git][security-tracker-team/security-tracker][master] Add CVE-2021-3115/golang*
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 23 10:17:59 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bec1463 by Salvatore Bonaccorso at 2021-01-23T11:17:31+01:00
Add CVE-2021-3115/golang*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4855,8 +4855,18 @@ CVE-2021-3117
RESERVED
CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...)
NOT-FOR-US: proxy.py
-CVE-2021-3115
+CVE-2021-3115 [cmd/go: packages using cgo can cause arbitrary code execution at build time]
RESERVED
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/43783
+ NOTE: https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master)
+ NOTE: https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7)
+ NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed
+ NOTE: explicitly in PATH and running 'go get' outside of a module or with module
+ NOTE: mode disabled.
CVE-2021-3114 [crypto/elliptic: incorrect operations on the P-224 curve]
RESERVED
- golang-1.15 1.15.7-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bec1463adbd25193e161cd44456b43eebe440f7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bec1463adbd25193e161cd44456b43eebe440f7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210123/740b528e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list