[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28180/golang-github-go-jose-go-jose

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b4444eb by Salvatore Bonaccorso at 2024-03-09T17:39:59+01:00
Add CVE-2024-28180/golang-github-go-jose-go-jose

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,12 @@ CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers
 CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...)
 	NOT-FOR-US: WeasyPrint
 CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...)
-	TODO: check
+	- golang-github-go-jose-go-jose <unfixed>
+	NOTE: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
+	NOTE: https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 (v2.6.3)
+	NOTE: https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a (v3.0.3)
+	NOTE: https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 (v4.0.1)
+	TODO: check completeness
 CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...)
 	TODO: check
 CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter with a f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4444eb8022a801b0bfb4b4ef1d789cb87c1e29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4444eb8022a801b0bfb4b4ef1d789cb87c1e29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240309/29219adf/attachment.htm>