[Git][security-tracker-team/security-tracker][master] golang-github-masterminds-goutils n/a, NFU (concludes external check)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 11 10:05:22 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c99b673 by Moritz Muehlenhoff at 2023-01-11T11:04:53+01:00
golang-github-masterminds-goutils n/a, NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37529,7 +37529,9 @@ CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext
 CVE-2021-4239 (The Noise protocol implementation suffers from weakened cryptographic  ...)
 	TODO: check
 CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly less ent ...)
-	TODO: check
+	- golang-github-masterminds-goutils <not-affected> (Fixed in initial upload to the archive)
+	NOTE: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
+	NOTE: https://pkg.go.dev/vuln/GO-2022-0411
 CVE-2021-4237
 	RESERVED
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
@@ -37606,7 +37608,7 @@ CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle all
 CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...)
 	TODO: check
 CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...)
-	TODO: check
+	NOT-FOR-US: GO code.cloudfoundry.org/archiver
 CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...)
 	- golang-github-gorilla-handlers 1.3.0-1
 	NOTE: https://github.com/gorilla/handlers/pull/116



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c99b6734f1b35fe2b94a9787d04821de9b7e43d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c99b6734f1b35fe2b94a9787d04821de9b7e43d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230111/9a0dd2c6/attachment.htm>

More information about the debian-security-tracker-commits mailing list