[Git][security-tracker-team/security-tracker][master] dla: tidy golang triage
Sylvain Beucler (@beuc)
beuc at debian.org
Wed Aug 2 20:05:05 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cad08bb8 by Sylvain Beucler at 2023-08-02T21:02:36+02:00
dla: tidy golang triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15238,6 +15238,7 @@ CVE-2023-29409
- golang-1.19 1.19.12-1
- golang-1.15 <removed>
- golang-1.11 <removed>
+ [buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI
CVE-2023-29408
RESERVED
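Review bot: the added [buster] line for CVE-2023-29409 gives the reason as "Limited support, follow bullseye DSAs/point-releases", while every other buster entry touched in this commit reads "Limited support, minor issue, follow bullseye DSAs/point-releases". If leaving out "minor issue" is a deliberate statement about severity, keep it; otherwise align the wording so the postponed golang-1.11 entries can be found with a single search string.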
@@ -15249,6 +15250,7 @@ CVE-2023-29406 (The HTTP/1 client does not fully validate the contents of the Ho
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- golang-1.11 <removed>
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
NOTE: https://github.com/golang/go/issues/60374
NOTE: https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)
@@ -15261,7 +15263,7 @@ CVE-2023-29405 (The go command may execute arbitrary code at build time when usi
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <postponed> (Limited support)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
NOTE: https://github.com/golang/go/issues/60306
NOTE: https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 (go1.20.5)
@@ -15276,7 +15278,7 @@ CVE-2023-29404 (The go command may execute arbitrary code at build time when usi
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <postponed> (Limited support)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
NOTE: https://github.com/golang/go/issues/60305
NOTE: https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 (go1.20.5)
@@ -15289,7 +15291,7 @@ CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently wh
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Limited support)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
NOTE: https://github.com/golang/go/issues/60272
NOTE: https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)
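Review bot: on the [buster] golang-1.11 line for CVE-2023-29403 the state itself changes from <no-dsa> to <postponed>, not only the parenthesised reason, so this is a triage decision and not a tidy-up of wording. Suggest mentioning the no-dsa to postponed change in the commit message, since "dla: tidy golang triage" reads as cosmetic and the entry is now one that is expected to be revisited.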
@@ -15302,7 +15304,7 @@ CVE-2023-29402 (The go command may generate unexpected code at build time when u
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <postponed> (Limited support)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
NOTE: https://github.com/golang/go/issues/60167
NOTE: https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5)
@@ -15311,7 +15313,7 @@ CVE-2023-29401 (The filename parameter of the Context.FileAttachment function is
- golang-github-gin-gonic-gin <unfixed> (bug #1037530)
[bookworm] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
[bullseye] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
- [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+ [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://github.com/gin-gonic/gin/issues/3555
NOTE: https://github.com/gin-gonic/gin/commit/2d4bbec941551479b1fdf1e54ece03e6e82a7e72 (v1.9.1)
CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...)
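Review bot: the new [buster] reason for golang-github-gin-gonic-gin adds "Limited support", which elsewhere in this commit is attached only to golang-1.11, and the line it replaces gave just "Minor issue". Please confirm that the limited-support status applies to this library package as well and was not carried over with the pasted reason string. The unstable entry in the context is still <unfixed> (bug #1037530) and bullseye is <no-dsa>, so "follow bullseye DSAs/point-releases" currently has nothing to follow for this CVE.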
@@ -15323,7 +15325,7 @@ CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Minor issue)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59722
NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
@@ -30459,7 +30461,7 @@ CVE-2023-24540 (Not all valid JavaScript whitespace characters are considered to
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Minor issue)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59721
NOTE: https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)
@@ -30473,7 +30475,7 @@ CVE-2023-24539 (Angle brackets (<>) are not considered dangerous characters when
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
- golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Minor issue)
+ [buster] - golang-1.11 <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59720
NOTE: https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cad08bb815509fb1e88d7ca655e01dd82b2b3c8e