[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2025-6172{7,9}/golang-1.15 as postponed for bullseye

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun Dec 7 14:18:05 GMT 2025 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48692215 by Utkarsh Gupta at 2025-12-07T19:41:19+05:30
Mark CVE-2025-6172{7,9}/golang-1.15 as postponed for bullseye

- - - - -
4c327c79 by Utkarsh Gupta at 2025-12-07T19:47:49+05:30
Mark CVE-2025-65637/golang-logrus as postponed for bullseye

Rebuilding 70+ rev-deps isn't worth the effort

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -633,6 +633,7 @@ CVE-2025-65806 (The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly
 	NOT-FOR-US: E-POINT CMS
 CVE-2025-65637 (A denial-of-service vulnerability exists in github.com/sirupsen/logrus ...)
 	- golang-logrus 1.9.3-1
+	[bullseye] - golang-logrus <postponed> (Limited support, can be fixed later - not serious enough to require an immediate update)
 	NOTE: https://github.com/mjuanxd/logrus-dos-poc
 	NOTE: https://github.com/sirupsen/logrus/issues/1370
 	NOTE: https://github.com/sirupsen/logrus/pull/1384
@@ -1360,6 +1361,7 @@ CVE-2025-61727 (An excluded subdomain constraint in a certificate chain does not
 	- golang-1.19 <removed>
 	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
 	NOTE: https://github.com/golang/go/issues/76442
 	NOTE: Fixed by: https://github.com/golang/go/commit/287017acebd27203aa3218abbd11ed65c2280cf8 (go1.25.5)
@@ -1370,6 +1372,7 @@ CVE-2025-61729 (Within HostnameError.Error(), when constructing an error string,
 	- golang-1.19 <removed>
 	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
 	NOTE: https://go-review.googlesource.com/c/go/+/725920
 	NOTE: https://github.com/golang/go/issues/76445



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/704c9455a3d8a0eb6bc4b2d793647aa310134c66...4c327c7955975842bc54fa5c8e536509e96fc3a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/704c9455a3d8a0eb6bc4b2d793647aa310134c66...4c327c7955975842bc54fa5c8e536509e96fc3a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251207/9cdc9736/attachment.htm>

More information about the debian-security-tracker-commits mailing list