[Git][security-tracker-team/security-tracker][master] mark two golang issues as unimportant
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 13 22:13:19 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f2ba75b by Moritz Muehlenhoff at 2023-11-13T22:58:01+01:00
mark two golang issues as unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -697,33 +697,27 @@ CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Pr
CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
NOT-FOR-US: Samsung
CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reserved de ...)
- - golang-1.21 1.21.4-1
- - golang-1.20 1.20.11-1
- - golang-1.19 <unfixed>
- [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- - golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- - golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.21 1.21.4-1 (unimportant)
+ - golang-1.20 1.20.11-1 (unimportant)
+ - golang-1.19 <unfixed> (unimportant)
+ - golang-1.15 <removed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
NOTE: https://github.com/golang/go/issues/63713
NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
- TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths
+ NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...)
- - golang-1.21 1.21.4-1
- - golang-1.20 1.20.11-1
- - golang-1.19 <unfixed>
- [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- - golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
- - golang-1.11 <removed>
- [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.21 1.21.4-1 (unimportant)
+ - golang-1.20 1.20.11-1 (unimportant)
+ - golang-1.19 <unfixed> (unimportant)
+ - golang-1.15 <removed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
NOTE: https://github.com/golang/go/issues/63713
NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
- TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths
+ NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f2ba75bab7f8928204dfed82d3dcfb8a6be1f16
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f2ba75bab7f8928204dfed82d3dcfb8a6be1f16
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231113/23d119ef/attachment.htm>
More information about the debian-security-tracker-commits
mailing list