[Git][security-tracker-team/security-tracker][master] Add initial tracking for golang-1.21 issues

Thu Sep 7 07:13:30 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8da5dc1 by Salvatore Bonaccorso at 2023-09-07T08:12:50+02:00
Add initial tracking for golang-1.21 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20638,9 +20638,17 @@ CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function vulnerab
 	NOT-FOR-US: Schneider
 CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
 	NOT-FOR-US: Schneider
+CVE-2023-39322 [crypto/tls: panic when processing post-handshake message on QUIC connections]
+	- golang-1.21 1.21.1-1
+CVE-2023-39321 [crypto/tls: panic when processing post-handshake message on QUIC connections]
+	- golang-1.21 1.21.1-1
+CVE-2023-39320 [cmd/go: go.mod toolchain directive allows arbitrary execution]
+	- golang-1.21 1.21.1-1
 CVE-2023-39319 [html/template: improper handling of special tags within script contexts]
+	- golang-1.21 1.21.1-1
 	- golang-1.20 1.20.8-1
 CVE-2023-39318 [html/template: improper handling of HTML-like comments within script contexts]
+	- golang-1.21 1.21.1-1
 	- golang-1.20 1.20.8-1
 CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...)
 	- golang-1.20 1.20.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da5dc19ec0cd21cd69701b273025a74184964f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da5dc19ec0cd21cd69701b273025a74184964f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230907/0d261040/attachment.htm>
