[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-22866,golang-1.15: bullseye is ignored

Sun Feb 9 22:40:59 GMT 2025


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5f97bb0 by Markus Koschany at 2025-02-09T23:06:19+01:00
CVE-2025-22866,golang-1.15: bullseye is ignored

Minor issue

- - - - -
c64653b4 by Markus Koschany at 2025-02-09T23:38:25+01:00
CVE-2024-45339,golang-glog: link to pull request

The pull request includes all necessary changes

- - - - -
91d65616 by Markus Koschany at 2025-02-09T23:40:22+01:00
Add golang-glog to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -368,6 +368,7 @@ CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly
 	- golang-1.22 1.22.12-1
 	- golang-1.19 <removed>
 	- golang-1.15 <removed>
+	[bullseye] - golang-1.15 <ignored> (Minor issue)
 	NOTE: https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
 	NOTE: https://github.com/golang/go/issues/71383
 	NOTE: https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)
@@ -2769,6 +2770,7 @@ CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being p
 CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
 	- golang-glog <unfixed> (bug #1094733)
 	NOTE: Fixed by: https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee (v1.2.4)
+	NOTE: Complete fix: https://github.com/golang/glog/pull/74
 CVE-2024-44172 (A privacy issue was addressed with improved private data redaction for ...)
 	NOT-FOR-US: Apple
 CVE-2024-37526 (IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization1.8, 2. ...)


=====================================
data/dla-needed.txt
=====================================
@@ -119,6 +119,9 @@ glewlwyd (Thorsten Alteholz)
 gnutls28
   NOTE: 20250209: Added by Front-Desk (apo)
 --
+golang-glog
+  NOTE: 20250209: Added by Front-Desk (apo)
+--
 grub2
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: high-profile package but not enough details yet. (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62e19ca4f155d11b4a547c0860875766195eb613...91d65616665c21c335191a293a1362c89d958422

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62e19ca4f155d11b4a547c0860875766195eb613...91d65616665c21c335191a293a1362c89d958422
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250209/46f6dddd/attachment.htm>
