[Git][security-tracker-team/security-tracker][master] golang* buster triage/harmonization
Sylvain Beucler (@beuc)
beuc at debian.org
Fri Mar 3 15:18:21 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e5eda01 by Sylvain Beucler at 2023-03-03T16:16:00+01:00
golang* buster triage/harmonization
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8419,6 +8419,7 @@ CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improp
NOT-FOR-US: Tenable
CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1032100)
+ [buster] - golang-github-hashicorp-go-getter <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
{DSA-5328-1}
@@ -37702,6 +37703,7 @@ CVE-2022-41728
RESERVED
CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
- golang-golang-x-image 0.5.0-1
+ [buster] - golang-golang-x-image <postponed> (Limited support, minor issue, DoS)
CVE-2022-41726
RESERVED
CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
@@ -50332,7 +50334,7 @@ CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which m
NOT-FOR-US: ecnepsnai/web
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
- golang-yaml.v2 2.2.8-1
- [buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS, follow bullseye DSAs/point-releases)
+ [buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS)
NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
NOTE: https://github.com/go-yaml/yaml/pull/375
NOTE: https://pkg.go.dev/vuln/GO-2021-0061
@@ -50340,13 +50342,14 @@ CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/gol
NOT-FOR-US: golang-nanoauth
CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...)
- golang-github-revel-revel 1.0.0-1
+ [buster] - golang-github-revel-revel <postponed> (Limited support, minor issue, DoS)
NOTE: https://github.com/revel/revel/pull/1427
NOTE: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0)
NOTE: https://github.com/revel/revel/issues/1424
NOTE: https://pkg.go.dev/vuln/GO-2020-0003
CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
- golang-github-gin-gonic-gin 1.6.3-1
- [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue)
NOTE: https://github.com/gin-gonic/gin/pull/2237
NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)
CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5eda018f4e1f8cfcfda4ea33c7c7b28bfe5131
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5eda018f4e1f8cfcfda4ea33c7c7b28bfe5131
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/ecdd562c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list