[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.19 issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 10 12:27:03 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac65735a by Salvatore Bonaccorso at 2023-04-10T13:26:31+02:00
Track fixed version for golang-1.19 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16732,7 +16732,7 @@ CVE-2023-24539
 CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript string  ...)
 	- golang-1.20 1.20.3-1
 	[experimental] - golang-1.19 1.19.8-1
-	- golang-1.19 <unfixed>
+	- golang-1.19 1.19.8-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16742,7 +16742,7 @@ CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript s
 CVE-2023-24537 (Calling any of the Parse functions on Go source code which contains // ...)
 	- golang-1.20 1.20.3-1
 	[experimental] - golang-1.19 1.19.8-1
-	- golang-1.19 <unfixed>
+	- golang-1.19 1.19.8-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16753,7 +16753,7 @@ CVE-2023-24537 (Calling any of the Parse functions on Go source code which conta
 CVE-2023-24536 (Multipart form parsing can consume large amounts of CPU and memory whe ...)
 	- golang-1.20 1.20.3-1
 	[experimental] - golang-1.19 1.19.8-1
-	- golang-1.19 <unfixed>
+	- golang-1.19 1.19.8-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16765,7 +16765,7 @@ CVE-2023-24535
 CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of memory, eve ...)
 	- golang-1.20 1.20.3-1
 	[experimental] - golang-1.19 1.19.8-1
-	- golang-1.19 <unfixed>
+	- golang-1.19 1.19.8-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
@@ -16777,7 +16777,7 @@ CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorr
 CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...)
 	- golang-1.20 1.20.2-1
 	[experimental] - golang-1.19 1.19.7-1
-	- golang-1.19 <unfixed>
+	- golang-1.19 1.19.8-2
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
 	- golang-1.11 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65735a2d8ad0f4c44dbf2f3828a4bc2dc6c72e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65735a2d8ad0f4c44dbf2f3828a4bc2dc6c72e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230410/c1f1a3d4/attachment.htm>


More information about the debian-security-tracker-commits mailing list