[Git][security-tracker-team/security-tracker][master] Add CVE-2017-20146/golang-github-gorilla-handlers

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 5 06:58:05 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c7ccd66 by Salvatore Bonaccorso at 2023-01-05T07:57:28+01:00
Add CVE-2017-20146/golang-github-gorilla-handlers

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35880,7 +35880,9 @@ CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as
 CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...)
 	TODO: check
 CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...)
-	TODO: check
+	- golang-github-gorilla-handlers 1.3.0-1
+	NOTE: https://github.com/gorilla/handlers/pull/116
+	NOTE: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145 (v1.3.0)
 CVE-2015-10004 (Token validation methods are susceptible to a timing side-channel duri ...)
 	TODO: check
 CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...)
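
Review bot: the fixed version on the added line `- golang-github-gorilla-handlers 1.3.0-1` is tied to upstream only through the `(v1.3.0)` suffix on the commit NOTE, so it is worth confirming that 1.3.0-1 was the first Debian upload to contain commit 90663712d74cb411cbef281bc1e08c19d1a76145 and not merely the first upload of that upstream version number. The pull/116 NOTE also carries no label saying what it is; if it is the pull request that introduced the fix, a short annotation on that line, like the one on the commit NOTE, would make the entry easier to audit later.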



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c7ccd66662ae2cff8f0ee63b890ee439ffdf9d7
