[Git][security-tracker-team/security-tracker][master] golang* buster triage/harmonization

Sylvain Beucler (@beuc) beuc at debian.org
Fri Mar 3 15:18:21 GMT 2023



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e5eda01 by Sylvain Beucler at 2023-03-03T16:16:00+01:00
golang* buster triage/harmonization

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8419,6 +8419,7 @@ CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improp
 	NOT-FOR-US: Tenable
 CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
 	- golang-github-hashicorp-go-getter <unfixed> (bug #1032100)
+	[buster] - golang-github-hashicorp-go-getter <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
 	{DSA-5328-1}
@@ -37702,6 +37703,7 @@ CVE-2022-41728
 	RESERVED
 CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
 	- golang-golang-x-image 0.5.0-1
+	[buster] - golang-golang-x-image <postponed> (Limited support, minor issue, DoS)
 CVE-2022-41726
 	RESERVED
 CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
@@ -50332,7 +50334,7 @@ CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which m
 	NOT-FOR-US: ecnepsnai/web
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
 	- golang-yaml.v2 2.2.8-1
-	[buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS, follow bullseye DSAs/point-releases)
+	[buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS)
 	NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
 	NOTE: https://github.com/go-yaml/yaml/pull/375
 	NOTE: https://pkg.go.dev/vuln/GO-2021-0061
@@ -50340,13 +50342,14 @@ CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/gol
 	NOT-FOR-US: golang-nanoauth
 CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...)
 	- golang-github-revel-revel 1.0.0-1
+	[buster] - golang-github-revel-revel <postponed> (Limited support, minor issue, DoS)
 	NOTE: https://github.com/revel/revel/pull/1427
 	NOTE: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0)
 	NOTE: https://github.com/revel/revel/issues/1424
 	NOTE: https://pkg.go.dev/vuln/GO-2020-0003
 CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
 	- golang-github-gin-gonic-gin 1.6.3-1
-	[buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue, follow bullseye DSAs/point-releases)
+	[buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue)
 	NOTE: https://github.com/gin-gonic/gin/pull/2237
 	NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)
 CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5eda018f4e1f8cfcfda4ea33c7c7b28bfe5131

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5eda018f4e1f8cfcfda4ea33c7c7b28bfe5131
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230303/ecdd562c/attachment.htm>


More information about the debian-security-tracker-commits mailing list