[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-2591-1 for golang-1.7
Sylvain Beucler
beuc at debian.org
Sat Mar 13 18:13:21 GMT 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
537bcfc7 by Sylvain Beucler at 2021-03-13T19:10:17+01:00
Reserve DLA-2591-1 for golang-1.7
- - - - -
9dce6244 by Sylvain Beucler at 2021-03-13T19:12:24+01:00
Reserve DLA-2592-1 for golang-1.8
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -104245,9 +104245,7 @@ CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an atte
- golang-1.12 1.12.12-1 (bug #942629)
- golang-1.11 <removed>
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
NOTE: https://golang.org/issue/34960
@@ -108013,9 +108011,7 @@ CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Sm
- golang-1.12 1.12.10-1 (bug #941173)
- golang-1.11 <removed>
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
@@ -129754,9 +129750,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection
- golang-1.12 1.12-1
- golang-1.11 1.11.6-1 (bug #924630)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
NOTE: https://github.com/golang/go/issues/30794
NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
@@ -217610,9 +217604,7 @@ CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote co
{DLA-1148-1}
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,9 @@
+[13 Mar 2021] DLA-2592-1 golang-1.8 - security update
+ {CVE-2017-15041 CVE-2018-16873 CVE-2018-16874 CVE-2019-9741 CVE-2019-16276 CVE-2019-17596 CVE-2021-3114}
+ [stretch] - golang-1.8 1.8.1-1+deb9u3
+[13 Mar 2021] DLA-2591-1 golang-1.7 - security update
+ {CVE-2017-15041 CVE-2018-16873 CVE-2018-16874 CVE-2019-9741 CVE-2019-16276 CVE-2019-17596 CVE-2021-3114}
+ [stretch] - golang-1.7 1.7.4-2+deb9u3
[12 Mar 2021] DLA-2590-1 pygments - security update
{CVE-2021-20270}
[stretch] - pygments 2.2.0+dfsg-1+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -43,14 +43,6 @@ firmware-nonfree
--
glib2.0
--
-golang-1.7 (Sylvain Beucler)
- NOTE: 20200308: triaged missing CVEs and DebianN->DebianN+1 regressions
- NOTE: 20200308: documented test suite and reverse build dependencies
- NOTE: 20200308: triaging, fixing and testing remaining CVEs
---
-golang-1.8 (Sylvain Beucler)
- NOTE: 20200308: cf. golang-1.7
---
golang-github-appc-cni (Thorsten Alteholz)
NOTE: 20210221: also taking care of reverse dependencies
NOTE: 20210221: also taking care of other suites
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2bafb7740b6609982a37b656fcf9b57326aefb48...9dce624492092b3dcb39aae7a259a58232a6c24e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2bafb7740b6609982a37b656fcf9b57326aefb48...9dce624492092b3dcb39aae7a259a58232a6c24e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210313/d56a8fec/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list