[Git][security-tracker-team/security-tracker][master] golang* buster triage/harmonization

Sylvain Beucler (@beuc) beuc at debian.org
Fri Jan 6 13:17:01 GMT 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a61088e by Sylvain Beucler at 2023-01-06T14:14:25+01:00
golang* buster triage/harmonization

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -740,7 +740,7 @@ CVE-2020-36637 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chr
 CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as problemati ...)
 	- golang-github-go-macaron-csrf <unfixed>
 	[bullseye] - golang-github-go-macaron-csrf <no-dsa> (Minor issue)
-	[buster] - golang-github-go-macaron-csrf <no-dsa> (Minor issue)
+	[buster] - golang-github-go-macaron-csrf <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
 	NOTE: https://github.com/go-macaron/csrf/pull/7
 CVE-2018-25059 (A vulnerability was found in pastebinit up to 0.2.2 and classified as  ...)
@@ -1891,7 +1891,7 @@ CVE-2020-36628 (A vulnerability classified as critical has been found in Calsign
 	NOT-FOR-US: Calsign APDE
 CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been declared as pro ...)
 	- golang-github-go-macaron-i18n <unfixed>
-	[buster] - golang-github-go-macaron-i18n <no-dsa> (Minor issue)
+	[buster] - golang-github-go-macaron-i18n <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735 (v0.5.0)
 CVE-2020-36626 (A vulnerability classified as critical has been found in Modern Tribe  ...)
 	NOT-FOR-US: Modern Tribe Panel Builder Plugin
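Review bot: the new [buster] reason for golang-github-go-macaron-i18n says "follow bullseye DSAs/point-releases", but this entry has no [bullseye] line and the package is still <unfixed>, so there is no recorded bullseye decision to follow. The CVE-2018-25060 entry carries a `[bullseye] - ... <no-dsa> (Minor issue)` line; adding the equivalent here would keep the two Macaron entries consistent.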
@@ -36079,6 +36079,7 @@ CVE-2022-2583 (A race condition can cause incorrect HTTP request routing. ...)
 	TODO: check
 CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...)
 	- golang-github-aws-aws-sdk-go 1.34.22-1
+	[buster] - golang-github-aws-aws-sdk-go <postponed> (Limited support, minor issue, hash leak, invasive, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 (v1.33.0)
 CVE-2021-4239 (The Noise protocol implementation suffers from weakened cryptographic  ...)
 	TODO: check
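Review bot: in the added [buster] line for golang-github-aws-aws-sdk-go, "invasive" appears in the reason with nothing in the entry to support it; the only NOTE is the upstream commit link. A short NOTE saying what makes the backport invasive would let the next triager re-evaluate the postponement without repeating the analysis.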
@@ -36090,6 +36091,7 @@ CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which m
 	TODO: check
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
 	- golang-yaml.v2 2.2.8-1
+	[buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
 	NOTE: https://github.com/go-yaml/yaml/pull/375
 	NOTE: https://pkg.go.dev/vuln/GO-2021-0061
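Review bot: the added [buster] line for golang-yaml.v2 puts the issue-specific word "DoS" in the middle of the shared reason string, and the aws-sdk-go line does the same with "hash leak, invasive", so the harmonized text differs between entries. Keeping "Limited support, minor issue, follow bullseye DSAs/point-releases" contiguous and moving the per-CVE detail to the end or into a NOTE would make these entries easy to find with a single search.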
@@ -36099,7 +36101,7 @@ CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel
 	TODO: check
 CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
 	- golang-github-gin-gonic-gin 1.6.3-1
-	[buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+	[buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://github.com/gin-gonic/gin/pull/2237
 	NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)
 CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a61088eec6ae7dc79e6e3c8435adde270fb3201

More information about the debian-security-tracker-commits mailing list