[Git][security-tracker-team/security-tracker][master] golang: precise strech triage
Sylvain Beucler (@beuc)
beuc at debian.org
Tue Jul 20 17:13:34 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b03a0b19 by Sylvain Beucler at 2021-07-20T18:12:31+02:00
golang: precise strech triage
CVE-2021-34558
CVE-2021-33197
CVE-2021-33196
CVE-2021-33195
CVE-2021-31525
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5419,7 +5419,9 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as
- golang-1.15 1.15.9-6
- golang-1.11 <removed>
- golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/47143
NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
NOTE: key_agreement.go also bundled in various other packages
@@ -8528,8 +8530,9 @@ CVE-2021-33197
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <no-dsa> (Limited support in stretch)
+ [stretch] - golang-1.8 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/46313
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
@@ -8540,8 +8543,9 @@ CVE-2021-33196 [archive/zip: malformed archive may cause panic or memory exhaust
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <no-dsa> (Limited support in stretch)
+ [stretch] - golang-1.8 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/46242
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
@@ -8553,8 +8557,9 @@ CVE-2021-33195
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <no-dsa> (Limited support in stretch)
+ [stretch] - golang-1.8 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/46241
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15)
@@ -12646,8 +12651,9 @@ CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows re
- golang-1.15 1.15.9-2
- golang-1.11 <removed>
- golang-1.8 <removed>
- [stretch] - golang-1.8 <no-dsa> (Limited support in stretch)
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
- golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3
- golang-golang-x-net-dev <removed>
[stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b03a0b1920a238eefbe483af87e8e4de7e6c547e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b03a0b1920a238eefbe483af87e8e4de7e6c547e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210720/c4c2bcee/attachment.htm>
More information about the debian-security-tracker-commits
mailing list