[Git][security-tracker-team/security-tracker][master] Add details for CVE-2023-2940{2,3,4,5}/go

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 7 09:43:43 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd93e43c by Salvatore Bonaccorso at 2023-06-07T10:42:44+02:00
Add details for CVE-2023-2940{2,3,4,5}/go

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8483,21 +8483,47 @@ CVE-2023-29405 [cmd/go: improper sanitization of LDFLAGS]
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 <unfixed>
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+	NOTE: https://github.com/golang/go/issues/60306
+	NOTE: https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 (go1.20.5)
+	NOTE: https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637 (go1.20.5)
+	NOTE: https://github.com/golang/go/commit/44e0fb13e783a44463e95926a674fd580daa3a55 (go1.19.10)
+	NOTE: https://github.com/golang/go/commit/3ba9c890b86dc8c3a54c98d32497b7a8012704f9 (go1.19.10)
 CVE-2023-29404 [cmd/go: improper sanitization of LDFLAGS]
 	RESERVED
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 <unfixed>
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+	NOTE: https://github.com/golang/go/issues/60305
+	NOTE: https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 (go1.20.5)
+	NOTE: https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828 (go1.19.10)
 CVE-2023-29403 [runtime: unexpected behavior of setuid/setgid binaries]
 	RESERVED
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 <unfixed>
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+	NOTE: https://github.com/golang/go/issues/60272
+	NOTE: https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)
+	NOTE: https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)
 CVE-2023-29402 [cmd/go: cgo code injection]
 	RESERVED
 	- golang-1.20 1.20.5-1
 	[experimental] - golang-1.19 1.19.10-1
 	- golang-1.19 <unfixed>
+	- golang-1.15 <removed>
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+	NOTE: https://github.com/golang/go/issues/60167
+	NOTE: https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5)
+	NOTE: https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f (go.1.19.10)
 CVE-2023-29401
 	RESERVED
 CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...)
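
Review bot: The last NOTE added under CVE-2023-29402 labels its commit "(go.1.19.10)", with a stray dot after "go", while every other 1.19 backport reference in this hunk is written "(go1.19.10)". Change it to "(go1.19.10)" so that a search of data/CVE/list for the release tag finds all four entries. All four entries also point at the same golang-announce thread, which matches the shared announcement, so that repetition is fine as is.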



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd93e43c9591cfbe0d66781e95e299fe126e3e98
