[Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 3 16:47:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb623e11 by Salvatore Bonaccorso at 2023-05-03T17:46:55+02:00
Add additional references for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5365,7 +5365,7 @@ CVE-2023-29402
RESERVED
CVE-2023-29401
RESERVED
-CVE-2023-29400
+CVE-2023-29400 [html/template: improper handling of empty HTML attributes]
RESERVED
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
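Review bot: the changed header line for CVE-2023-29400 gains a bracketed description ("[html/template: improper handling of empty HTML attributes]"), and the same kind of header change is made for CVE-2023-24540 and CVE-2023-24539 further down, but the commit subject only says "Add additional references". Suggest mentioning the added descriptions in the commit message so the header changes can be found from the log later.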
@@ -5374,6 +5374,8 @@ CVE-2023-29400
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59722
+ NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
+ NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
CVE-2023-1904
RESERVED
CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
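Review bot: both added NOTE lines for CVE-2023-29400 point at release-branch commits, tagged (go1.19.9) and (go1.20.4), and the visible lines of the entry carry no NOTE for the corresponding development-branch commit. If that commit is known, consider adding it as a third NOTE, since it is the usual reference when checking whether a source package not built from the 1.19 or 1.20 branch contains the change. The same applies to the commit NOTE pairs added for CVE-2023-24540 and CVE-2023-24539.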
@@ -20074,7 +20076,7 @@ CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Managem
NOT-FOR-US: ForgeRock
CVE-2023-0510
RESERVED
-CVE-2023-24540
+CVE-2023-24540 [html/template: improper handling of JavaScript whitespace]
RESERVED
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
@@ -20083,7 +20085,9 @@ CVE-2023-24540
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59721
-CVE-2023-24539
+ NOTE: https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)
+ NOTE: https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)
+CVE-2023-24539 [html/template: improper sanitization of CSS values]
RESERVED
- golang-1.20 1.20.4-1
[experimental] - golang-1.19 1.19.9-1
@@ -20092,6 +20096,8 @@ CVE-2023-24539
- golang-1.11 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
NOTE: https://github.com/golang/go/issues/59720
+ NOTE: https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)
+ NOTE: https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)
CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript string ...)
- golang-1.20 1.20.3-1
[experimental] - golang-1.19 1.19.8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb623e11b1358c2c0848dba22b2ebbecd73923c9