[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-41724/golang-1.11: buster not-affected

Sylvain Beucler (@beuc) beuc at debian.org
Mon Feb 27 13:33:03 GMT 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36bedc87 by Sylvain Beucler at 2023-02-27T14:33:25+01:00
CVE-2022-41724/golang-1.11: buster not-affected

- - - - -
49dd8c44 by Sylvain Beucler at 2023-02-27T14:33:27+01:00
CVE-2022-41723,CVE-2022-41725/golang-1.11: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36731,6 +36731,7 @@ CVE-2022-41725
 	- golang-1.19 1.19.6-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
 	NOTE: https://go.dev/issue/58006
 CVE-2022-41724
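Review bot: the `<postponed>` line added under CVE-2022-41725 gives a policy reason but nothing a later triager can act on: the context shown lists golang-1.15 and golang-1.11 as `<removed>` and has no `[bullseye]` line, so the entry does not say which bullseye DSA or point release buster is meant to follow. Consider adding a NOTE that names the bullseye source package being tracked, or check that a `[bullseye]` line exists above the three context lines visible here.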
@@ -36739,9 +36740,12 @@ CVE-2022-41724
 	[experimental] - golang-1.19 1.19.6-1
 	- golang-1.19 1.19.6-2
 	- golang-1.15 <removed>
-	- golang-1.11 <removed>
+	- golang-1.11 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
 	NOTE: https://go.dev/issue/58001
+	NOTE: https://github.com/golang/go/commit/66c58b946beaa38de35241c3f64ec358f5ad03f1 (master)
+	NOTE: Introduced by: https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06 (go1.12beta1)
+	NOTE: Introduced by: https://github.com/golang/go/commit/6435d0cfbf72f405f31430e60766add6d6762fe1 (go1.12beta1)
 CVE-2022-41723 [http2/hpack: avoid quadratic complexity in hpack decoding]
 	RESERVED
 	- golang-1.20 1.20.1-1
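Review bot: the replacement line `- golang-1.11 <not-affected> (Vulnerable code introduced later)` is unscoped, while the commit subject says "buster not-affected" and the two neighbouring hunks keep `<removed>` and add a separate `[buster]` line. Both "Introduced by" commits are tagged go1.12beta1, which supports the unscoped form for every golang-1.11 version, so either make the subject match or use the `[buster]` form for consistency. The two "Introduced by" NOTE lines would also be easier to re-verify with a few words each on what the commit introduced.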
@@ -36749,6 +36753,7 @@ CVE-2022-41723 [http2/hpack: avoid quadratic complexity in hpack decoding]
 	- golang-1.19 1.19.6-2
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <postponed> (Limited support, follow bullseye DSAs/point-releases)
 	- golang-golang-x-net 1:0.7.0+dfsg-1
 	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
 	NOTE: https://go.dev/issue/57855
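Review bot: the added `[buster]` line for CVE-2022-41723 covers golang-1.11 only, but the next line shows the entry also tracks golang-golang-x-net (fixed in 1:0.7.0+dfsg-1), and this hunk records no buster status for that package. If buster ships golang-golang-x-net, it needs its own `[buster]` line so the hpack issue is triaged for both packages; if that was done elsewhere in the entry, no change is needed.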



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/27f06521df26bc06480098557d6d71fc594ac4b1...49dd8c44e2066af5b7b11af376b07a303c1bc09e
