[Git][security-tracker-team/security-tracker][master] Revert change for not-affected on CVE-2022-41722/go
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 12 12:12:26 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29f7d181 by Salvatore Bonaccorso at 2023-04-12T13:12:05+02:00
Revert change for not-affected on CVE-2022-41722/go
It affects people cross compile windows binary on Debian.
Thanks: Shengjing Zhu
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47051,11 +47051,13 @@ CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU co
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
NOTE: https://go.dev/issue/57855
CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on Windows. On ...)
- - golang-1.20 <not-affected> (Windows-specific)
- - golang-1.19 <not-affected> (Windows-specific)
- - golang-1.15 <not-affected> (Windows-specific)
- - golang-1.11 <not-affected> (Windows-specific)
+ - golang-1.20 1.20.1-1 (unimportant)
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2 (unimportant)
+ - golang-1.15 <removed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: Only affects code cross compiled on Debian for Windows binaries
CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandler. Whe ...)
- golang-golang-x-net 1:0.4.0+dfsg-1
[bullseye] - golang-golang-x-net <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29f7d181bd88e363de11541667af407043579f00
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29f7d181bd88e363de11541667af407043579f00
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/2ce266cf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list