[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.19 issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 10 12:27:03 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac65735a by Salvatore Bonaccorso at 2023-04-10T13:26:31+02:00
Track fixed version for golang-1.19 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16732,7 +16732,7 @@ CVE-2023-24539
CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript string ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
- - golang-1.19 <unfixed>
+ - golang-1.19 1.19.8-2
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16742,7 +16742,7 @@ CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript s
CVE-2023-24537 (Calling any of the Parse functions on Go source code which contains // ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
- - golang-1.19 <unfixed>
+ - golang-1.19 1.19.8-2
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16753,7 +16753,7 @@ CVE-2023-24537 (Calling any of the Parse functions on Go source code which conta
CVE-2023-24536 (Multipart form parsing can consume large amounts of CPU and memory whe ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
- - golang-1.19 <unfixed>
+ - golang-1.19 1.19.8-2
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16765,7 +16765,7 @@ CVE-2023-24535
CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of memory, eve ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
- - golang-1.19 <unfixed>
+ - golang-1.19 1.19.8-2
- golang-1.15 <removed>
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16777,7 +16777,7 @@ CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorr
CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...)
- golang-1.20 1.20.2-1
[experimental] - golang-1.19 1.19.7-1
- - golang-1.19 <unfixed>
+ - golang-1.19 1.19.8-2
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65735a2d8ad0f4c44dbf2f3828a4bc2dc6c72e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65735a2d8ad0f4c44dbf2f3828a4bc2dc6c72e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230410/c1f1a3d4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list