[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-9512,CVE-2019-9514/golang: stretch triage precision

Sylvain Beucler beuc at debian.org
Fri Mar 12 18:41:51 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
427fe654 by Sylvain Beucler at 2021-03-12T19:39:27+01:00
CVE-2019-9512,CVE-2019-9514/golang: stretch triage precision

- - - - -
da4a4056 by Sylvain Beucler at 2021-03-12T19:40:56+01:00
CVE-2021-27918/golang-1.7,golang-1.8: stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -767,7 +767,9 @@ CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an
 	- golang-1.15 1.15.9-1
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <postponed> (Minor issue, DoS)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <postponed> (Minor issue, DoS)
 	NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
 	NOTE: https://github.com/golang/go/issues/44913
 CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
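Review bot: The two added `[stretch]` lines give "(Minor issue, DoS)" without naming the affected component, although the CVE header on the @@ line identifies it as encoding/xml and the other entries touched in this push spell out "net/http server-side". Naming the component here too, e.g. "(Minor issue, DoS in encoding/xml)", would keep the triage reasons comparable and tell a later reader what to revisit when the postponed entries are picked up.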
@@ -130161,9 +130163,9 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
 	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <ignored> (Minor issue)
+	[stretch] - golang-1.8 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
 	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <ignored> (Minor issue)
+	[stretch] - golang-1.7 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
 	- golang <removed>
 	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
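Review bot: On the rewritten `[stretch]` lines for golang-1.8 and golang-1.7, "invasive" sits in a comma list right after "DoS" and reads as if it described the issue; presumably it describes the backport. Wording such as "invasive backport" would make that explicit. The hunk's context also ends at the golang-golang-x-net-dev line, so it is not visible whether that package has a matching stretch entry; worth confirming, since the new reason only speaks about net/http.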
@@ -130201,9 +130203,9 @@ CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potent
 	- golang-1.12 1.12.8-1
 	- golang-1.11 1.11.13-1
 	- golang-1.8 <removed>
-	[stretch] - golang-1.8 <ignored> (Minor issue)
+	[stretch] - golang-1.8 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
 	- golang-1.7 <removed>
-	[stretch] - golang-1.7 <ignored> (Minor issue)
+	[stretch] - golang-1.7 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
 	- golang <removed>
 	[jessie] - golang <not-affected> (No HTTP2 support yet)
 	- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
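Review bot: The long parenthetical on the golang-1.8 and golang-1.7 `[stretch]` lines is now duplicated verbatim four times across CVE-2019-9512 and CVE-2019-9514, so any later correction has to touch every copy. Consider keeping a short reason on the `<ignored>` lines and moving the rationale (server-side only, reverse-dependency rebuilds) into one NOTE: line per CVE.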



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9c094851a9dc312247c9ed60e8c7e927e67d34d...da4a40560faad4e7a9e5540ecf1d4f92a4bbc575
