[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-23773/golang: stretch not-affected

Sylvain Beucler (@beuc) beuc at debian.org
Sat Apr 2 10:15:40 BST 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
020987e7 by Sylvain Beucler at 2022-04-02T11:15:16+02:00
CVE-2022-23773/golang: stretch not-affected

- - - - -
a16ee2c1 by Sylvain Beucler at 2022-04-02T11:15:16+02:00
dla: add golang

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13483,7 +13483,9 @@ CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinte
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <no-dsa> (Minor issue)
 	- golang-1.8 <removed>
+	[stretch] - golang-1.8 <not-affected> (vgo/modfetch module not present)
 	- golang-1.7 <removed>
+	[stretch] - golang-1.7 <not-affected> (vgo/modfetch module not present)
 	NOTE: https://github.com/golang/go/issues/35671
 	NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
 	NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)


=====================================
data/dla-needed.txt
=====================================
@@ -36,6 +36,9 @@ gerbv
   NOTE: 20220326: CVE-2021-40401 is fixed https://salsa.debian.org/lts-team/packages/gerbv/-/blob/debian/stretch/debian/patches/CVE-2021-40401.patch (Anton)
   NOTE: 20220326: CVE-2021-4040{0,2,3} do not have confirmed upstream fixes yet. (Anton)
 --
+golang
+  NOTE: 20220402: harmonize with bullseye/11.3 (Beuc)
+--
 golang-go.crypto
   NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ebaf941753e69c6485e3344ce6f01a92d394ff1d...a16ee2c1fdb7ebd4b76773cb8b4c0a65f0952b10

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ebaf941753e69c6485e3344ce6f01a92d394ff1d...a16ee2c1fdb7ebd4b76773cb8b4c0a65f0952b10
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220402/5d45b7c1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list