[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-28362

Salvatore Bonaccorso carnil at debian.org
Sun Jan 24 20:02:58 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84b5f12c by Salvatore Bonaccorso at 2021-01-24T21:00:46+01:00
Update information on CVE-2020-28362

While at it checked the last version of golang-1.11 in unstable (before
the removal) which was 1.11.13 and did not contain a backport of the
recursive division algorithm implementation.

As such we can move the entry from <removed> to <not-affected> entirely
as verified up to the last version present in the archive.

Similarly then we can sync up the older versions as well.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21160,15 +21160,13 @@ CVE-2020-28363
 	RESERVED
 CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. ...)
 	- golang-1.15 1.15.5-1
-	- golang-1.11 <removed>
-	[buster] - golang-1.11 <not-affected> (Vulnerable code introduced later)
-	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <not-affected> (Vulnerable code introduced later)
-	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <not-affected> (Vulnerable code introduced later)
+	- golang-1.11 <not-affected> (Vulnerable code introduced later)
+	- golang-1.8 <not-affected> (Vulnerable code introduced later)
+	- golang-1.7 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
 	NOTE: https://github.com/golang/go/issues/42552
-	NOTE: the issue does not impact versions prior to 1.14.
+	NOTE: Introduced in: https://github.com/golang/go/commit/194ae3236d81cf16dc39b955efc1b9202b59d067 (go1.14beta1)
+	NOTE: Fixed by: https://github.com/golang/go/commit/1e1fa5903b760c6714ba17e50bf850b01f49135c
 CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
 	{DLA-2494-1 DLA-2483-1}
 	- linux 5.9.9-1
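Review bot: The new "Introduced in:" NOTE places the vulnerable code at go1.14beta1, but the CVE-2020-28362 entry still lists only golang-1.15, golang-1.11, golang-1.8 and golang-1.7, with no golang-1.14 line. If a golang-1.14 source package was ever present in the archive, it would be the one older branch that does contain the affected code and should get its own line (a fixed version or <removed>) rather than being left untracked. The switch from `<removed>` plus per-suite `[buster]`/`[stretch]` overrides to a single `<not-affected>` per package is consistent with the commit message, which records checking 1.11.13 as the last golang-1.11 version in unstable. Since the plain-language note "the issue does not impact versions prior to 1.14" is dropped, the reason text "(Vulnerable code introduced later)" could name the version, for example "(Vulnerable code introduced in 1.14)", so each line stays self-explanatory without following the commit link.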



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84b5f12cd19b96c3a001315498b8f01cb9f81958
