[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.20

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 6 09:04:52 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed4e647b by Salvatore Bonaccorso at 2023-12-06T10:03:40+01:00
Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.20

Bump as well the tracked version for CVE-2023-45283 for the complete
fix version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 120.0.60
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-39326 [net/http: limit chunked data overhead]
 	- golang-1.21 <unfixed>
-	- golang-1.20 <unfixed>
+	- golang-1.20 1.20.12-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -64,7 +64,7 @@ CVE-2023-39326 [net/http: limit chunked data overhead]
 	NOTE: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)
 CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to insecure git]
 	- golang-1.21 <unfixed>
-	- golang-1.20 <unfixed>
+	- golang-1.20 1.20.12-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -4567,7 +4567,7 @@ CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reser
 	NOTE: No security impact for Debian packages, only affects code running on Windows
 CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...)
 	- golang-1.21 1.21.4-1 (unimportant)
-	- golang-1.20 1.20.11-1 (unimportant)
+	- golang-1.20 1.20.12-1 (unimportant)
 	- golang-1.19 <removed> (unimportant)
 	- golang-1.15 <removed> (unimportant)
 	- golang-1.11 <removed> (unimportant)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4e647bcfe861389b13e0492c80a787d6ba7c3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4e647bcfe861389b13e0492c80a787d6ba7c3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231206/8355d657/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list