[Git][security-tracker-team/security-tracker][master] Add CVE-2023-0475/golang-github-hashicorp-go-getter

Thu Feb 16 20:34:02 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81895c4a by Salvatore Bonaccorso at 2023-02-16T21:33:33+01:00
Add CVE-2023-0475/golang-github-hashicorp-go-getter

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4186,7 +4186,8 @@ CVE-2023-0477
 CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
 	NOT-FOR-US: Tenable
 CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
-	TODO: check
+	- golang-github-hashicorp-go-getter <unfixed>
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
 	{DSA-5328-1}
 	- chromium 109.0.5414.119-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81895c4a43df6d50bb06d81734f8380cab5761ab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81895c4a43df6d50bb06d81734f8380cab5761ab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230216/9b2f4712/attachment-0001.htm>
