[Git][security-tracker-team/security-tracker][master] golang-1.21 fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 6 07:59:22 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0bb36f2f by Moritz Muehlenhoff at 2024-03-06T08:58:53+01:00
golang-1.21 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -111,7 +111,7 @@ CVE-2023-52583 [ceph: fix deadlock or deadcode of misusing dget()]
 	NOTE: https://git.kernel.org/linus/b493ad718b1f0357394d2cdecbf00a44a36fa085 (6.8-rc1)
 CVE-2024-24785 [html/template: errors returned from MarshalJSON methods may break template escaping]
 	- golang-1.22 1.22.1-1
-	- golang-1.21 <unfixed>
+	- golang-1.21 1.21.8-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -120,7 +120,7 @@ CVE-2024-24785 [html/template: errors returned from MarshalJSON methods may brea
 	NOTE: https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)
 CVE-2024-24784 [net/mail: comments in display names are incorrectly handled]
 	- golang-1.22 1.22.1-1
-	- golang-1.21 <unfixed>
+	- golang-1.21 1.21.8-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -129,7 +129,7 @@ CVE-2024-24784 [net/mail: comments in display names are incorrectly handled]
 	NOTE: https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)
 CVE-2024-24783 [golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm]
 	- golang-1.22 1.22.1-1
-	- golang-1.21 <unfixed>
+	- golang-1.21 1.21.8-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -143,7 +143,7 @@ CVE-2023-5685 [StackOverflowException when the chain of notifier states becomes
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241822
 CVE-2023-45290 [golang: net/http: memory exhaustion in Request.ParseMultipartFor]
 	- golang-1.22 1.22.1-1
-	- golang-1.21 <unfixed>
+	- golang-1.21 1.21.8-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
@@ -152,7 +152,7 @@ CVE-2023-45290 [golang: net/http: memory exhaustion in Request.ParseMultipartFor
 	NOTE: https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)
 CVE-2023-45289 [golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect]
 	- golang-1.22 1.22.1-1
-	- golang-1.21 <unfixed>
+	- golang-1.21 1.21.8-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bb36f2fddc026e85886835b867d27df33b29118

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bb36f2fddc026e85886835b867d27df33b29118
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240306/771dbb42/attachment.htm>

More information about the debian-security-tracker-commits mailing list