[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.18 CVE-2022-24921

Wed Mar 16 06:50:31 GMT 2022


Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2b4d5eb by Shengjing Zhu at 2022-03-16T14:50:00+08:00
Track fixed version for golang-1.18 CVE-2022-24921

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6183,7 +6183,7 @@ CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget pr
 CVE-2022-24922
 	RESERVED
 CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...)
-	- golang-1.18 <unfixed>
+	- golang-1.18 1.18~rc1-1
 	- golang-1.17 1.17.8-1
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
@@ -6194,6 +6194,7 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 all
 	NOTE: https://github.com/golang/go/issues/51112
 	NOTE: https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
 	NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8)
+	NOTE: https://github.com/golang/go/commit/452f24ae94f38afa3704d4361d91d51218405c0a (go1.18rc1)
 CVE-2022-24920
 	RESERVED
 CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b4d5ebec58941e210ceabb064b1e62ac052931

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b4d5ebec58941e210ceabb064b1e62ac052931
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220316/54abde05/attachment-0001.htm>
