[Git][security-tracker-team/security-tracker][master] DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772

Sylvain Beucler (@beuc) beuc at debian.org
Wed Apr 19 22:43:46 BST 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a84b20b by Sylvain Beucler at 2023-04-19T23:43:24+02:00
DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -100204,12 +100204,13 @@ CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinte
 	NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
 	NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
 CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
-	{DLA-3395-1 DLA-2986-1 DLA-2985-1}
+	{DLA-2986-1 DLA-2985-1}
 	- golang-1.18 1.18~beta2-1
 	- golang-1.17 1.17.7-1
 	- golang-1.15 <removed>
 	[bullseye] - golang-1.15 1.15.15-1~deb11u3
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <ignored> (Limited support, minor issue, DoS, code is different, importing Rat.SetString from 1.16 causes arm64-specific test suite failures)
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
 	NOTE: https://github.com/golang/go/issues/50699
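
Review bot: The `<ignored>` reason on the added `[buster] - golang-1.11` line cites arm64-specific test suite failures from importing Rat.SetString from 1.16, but nothing in the entry points to where those failures are recorded. Consider adding a separate NOTE line that links the build log or bug report, so the decision can be re-evaluated later. The parenthetical also packs five distinct justifications into the status line; moving the backport detail into that NOTE would keep the status itself short.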


=====================================
data/DLA/list
=====================================
@@ -1,6 +1,6 @@
 [19 Apr 2023] DLA-3395-1 golang-1.11 - security update
-	{CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 CVE-2022-23806 CVE-2022-24921}
-	[buster] - golang-1.11 1.11.6-1+deb10u5
+	{CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23806 CVE-2022-24921}
+	[buster] - golang-1.11 1.11.6-1+deb10u6
 [19 Apr 2023] DLA-3394-1 asterisk - security update
 	{CVE-2023-27585}
 	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u3
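
Review bot: On the `[buster] - golang-1.11 1.11.6-1+deb10u6` line the fixed version moves from deb10u5 to deb10u6 while the entry keeps the DLA-3395-1 identifier and the 19 Apr 2023 date, so the list no longer records that deb10u5 was ever associated with this advisory. If deb10u5 had already been announced with CVE-2022-23772 in its CVE set, a separate follow-up DLA entry would keep that history visible; if it had not, saying so in the commit message would be enough.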



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a84b20b20bcc3488f2ba8348eafa0ebf3940b81
