[Git][security-tracker-team/security-tracker][master] new go issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Dec 8 15:34:32 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4551c414 by Moritz Muehlenhoff at 2022-12-08T16:34:08+01:00
new go issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16809,13 +16809,24 @@ CVE-2022-41722
 CVE-2022-41721
 	RESERVED
 CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
-	TODO: check
+	- golang-1.19 <not-affected> (Only affects Go on Windows)
+	- golang-1.18 <not-affected> (Only affects Go on Windows)
+	- golang-1.15 <not-affected> (Only affects Go on Windows)
+	- golang-1.11 <not-affected> (Only affects Go on Windows)
+	NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
+	NOTE: https://go.dev/issue/56694
 CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
 	TODO: check
 CVE-2022-41718
 	RESERVED
-CVE-2022-41717
+CVE-2022-41717 [go: net/http: limit canonical header cache by bytes, not entries]
 	RESERVED
+	- golang-1.19 1.19.4-1
+	- golang-1.18 1.18.9-1
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
+	NOTE: https://go.dev/issue/56350
 CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to maliciously se ...)
 	- golang-1.19 <not-affected> (Only affects Go on Windows)
 	- golang-1.18 <not-affected> (Only affects Go on Windows)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4551c4140855f665ef2a6ac271503e8d69f6be1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4551c4140855f665ef2a6ac271503e8d69f6be1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221208/330bb025/attachment.htm>

More information about the debian-security-tracker-commits mailing list