[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4528{3,4}/go

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 8 05:15:34 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
030ace71 by Salvatore Bonaccorso at 2023-11-08T06:14:32+01:00
Add CVE-2023-4528{3,4}/go

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and superscripts]
+	- golang-1.21 1.21.4-1
+	- golang-1.20 1.20.11-1
+	- golang-1.19 <unfixed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
+	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+	NOTE: https://github.com/golang/go/issues/63713
+	NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
+	NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
+	TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths
+CVE-2023-45283 [path/filepath: recognize \??\ as a Root Local Device path prefix]
+	- golang-1.21 1.21.4-1
+	- golang-1.20 1.20.11-1
+	- golang-1.19 <unfixed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
+	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <no-dsa> (Minor issue)
+	- golang-1.11 <removed>
+	NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+	NOTE: https://github.com/golang/go/issues/63713
+	NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
+	NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
+	TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths
 CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
 	- gpac <unfixed>
 	NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
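
Review bot: The TODO that closes both new entries (CVE-2023-45284 and CVE-2023-45283) leaves the "windows only" question open, while the status lines above it already record golang-1.19 as `<unfixed>` and bookworm/bullseye as `<no-dsa> (Minor issue)`. Please resolve the TODO rather than leaving it alongside a settled-looking triage state. If the conclusion is that the device-name and `\??\` prefix handling does not expose Debian builds, state that in a NOTE and adjust the status lines to match. If the entries stay tracked because of the path-parsing concern, replace the TODO with a NOTE giving that reason. Both entries also carry identical NOTE URLs for the issue and the two commits; a one-line NOTE saying the same upstream change covers both CVEs would make clear the duplication is intentional.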



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/030ace71ebe6d418202355bc9d9c0bbb78ceb7b2
