[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-45283/go

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f90d62ef by Salvatore Bonaccorso at 2023-12-05T22:24:59+01:00
Update status for CVE-2023-45283/go

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4498,6 +4498,10 @@ CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix
 	NOTE: https://github.com/golang/go/issues/63713
 	NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
 	NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
+	NOTE: Requires a followup: https://www.openwall.com/lists/oss-security/2023/12/05/2
+	NOTE: https://go.dev/issue/64028
+	NOTE: https://github.com/golang/go/commit/8caf4bb3e78d0bc2d5598645b89ed8f0e9bd68f2 (go1.21.5)
+	NOTE: https://github.com/golang/go/commit/1b59b017db1ac4a63ed08173c00d7f08d47530be (go1.20.12)
 	NOTE: No security impact for Debian packages, only affects code running on Windows
 CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
 	- gpac <unfixed> (bug #1056282)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f90d62ef6c10f2b6d238a9c172c8e8595c33fd8e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f90d62ef6c10f2b6d238a9c172c8e8595c33fd8e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231205/728f0baa/attachment.htm>