[Git][security-tracker-team/security-tracker][master] new golang issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 14 10:55:27 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
622b3b60 by Moritz Muehlenhoff at 2022-04-14T11:54:16+02:00
new golang issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2329,8 +2329,12 @@ CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repo
 	[buster] - mruby <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
 	NOTE: https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
-CVE-2022-28327
+CVE-2022-28327 [crypto/elliptic: tolerate all oversized scalars in generic P-256]
 	RESERVED
+	- golang-1.18 1.18.1-1
+	- golang-1.17 1.17.9-1
+	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
+	NOTE: https://go.dev/issue/52075
 CVE-2022-28326
 	RESERVED
 CVE-2022-28325
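Review bot: the package lines added under CVE-2022-28327 cover only golang-1.18 and golang-1.17, so the status of any other golang-1.x source package still in the archive is left unrecorded. If such a package exists, give it its own line with a fixed version or an explicit status. The bracketed description also repeats the upstream fix subject ("tolerate all oversized scalars in generic P-256") rather than naming what fails; wording that states the failure is easier to triage from.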
@@ -4595,8 +4599,12 @@ CVE-2022-27538
 	RESERVED
 CVE-2022-27537
 	RESERVED
-CVE-2022-27536
+CVE-2022-27536 [crypto/x509: non-compliant certificates can cause a panic in Verify on macOS]
 	RESERVED
+	- golang-1.18 <not-affected> (MacOS-specific)
+	- golang-1.17 <not-affected> (MacOS-specific)
+	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
+	NOTE: https://go.dev/issue/51759
 CVE-2022-27535
 	RESERVED
 CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...)
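Review bot: the <not-affected> reason on the two added golang lines is spelled "MacOS-specific", while the description on the CVE-2022-27536 line spells the platform "macOS". Use "macOS-specific" so the entry is consistent and matches a case-sensitive search. Both package lines carry the same reason, which is fine, but nothing in the entry says where the platform restriction comes from beyond the description, so a short NOTE line stating that the affected code path is only built on macOS would make the <not-affected> call checkable without opening the linked issue.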
@@ -12414,8 +12422,12 @@ CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution b
 	NOT-FOR-US: HYBBS2
 CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
 	NOT-FOR-US: HYBBS2
-CVE-2022-24675
+CVE-2022-24675 [golang: encoding/pem: fix stack overflow in Decode]
 	RESERVED
+	- golang-1.18 1.18.1-1
+	- golang-1.17 1.17.9-1
+	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
+	NOTE: https://go.dev/issue/51853
 CVE-2022-24674
 	RESERVED
 CVE-2022-24673
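Review bot: the description on the CVE-2022-24675 line starts with a "golang:" prefix and uses the imperative "fix stack overflow in Decode", whereas the other two entries in this commit start directly with the package path (crypto/elliptic:, crypto/x509:). Pick one form for all three, for example "encoding/pem: stack overflow in Decode", so the entries match and the text describes the issue rather than the patch.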



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/622b3b60810e630eb923c29e15a507f2494acf29
