[Git][security-tracker-team/security-tracker][master] Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable

Shengjing Zhu (@zhsj) zhsj at debian.org
Fri Feb 11 15:23:16 GMT 2022



Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f18b018c by Shengjing Zhu at 2022-02-11T23:23:03+08:00
Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3776,7 +3776,15 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
 	NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
 	NOTE: 2FA support is not packaged in Debian
 CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
-	TODO: check
+	- golang-1.18 <unfixed>
+	- golang-1.17 1.17.7-1
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
+	NOTE: https://github.com/golang/go/issues/50974
+	NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+	NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
 CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-23804
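Review bot: the CVE-2022-23806 description names 1.16.14 as a fixed release, but the added lines have no golang-1.16 entry next to the 1.15, 1.11, 1.8 and 1.7 `<removed>` lines. Worth confirming whether a golang-1.16 source package needs its own line here, so the entry covers every branch the description mentions. The same applies to the two entries in the next hunk.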
@@ -3884,9 +3892,25 @@ CVE-2022-23775
 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret  ...)
-	TODO: check
+	- golang-1.18 <unfixed>
+	- golang-1.17 1.17.7-1
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
+	NOTE: https://github.com/golang/go/issues/35671
+	NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+	NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
 CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
-	TODO: check
+	- golang-1.18 1.18~beta2-1
+	- golang-1.17 1.17.7-1
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	- golang-1.8 <removed>
+	- golang-1.7 <removed>
+	NOTE: https://github.com/golang/go/issues/50699
+	NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+	NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
 CVE-2022-23771
 	RESERVED
 CVE-2022-23770
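Review bot: golang-1.18 is `<unfixed>` for CVE-2022-23773 but `1.18~beta2-1` for CVE-2022-23772, and the NOTE lines for both cite only a go1.17.7 commit, so nothing in the entries records why the two differ. Suggest adding to each a NOTE with the commit on the branch that 1.18 is built from, so that the `<unfixed>` line can later be closed against a specific upload.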



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100
