[Git][security-tracker-team/security-tracker][master] dla: harmonize golang-1.* triage
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon Feb 17 16:04:46 GMT 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a2c3a97 by Sylvain Beucler at 2025-02-17T17:04:39+01:00
dla: harmonize golang-1.* triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2691,7 +2691,7 @@ CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly
- golang-1.22 1.22.12-1
- golang-1.19 <removed>
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <ignored> (Minor issue)
+ [bullseye] - golang-1.15 <ignored> (powerpc not supported in LTS)
NOTE: https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
NOTE: https://github.com/golang/go/issues/71383
NOTE: https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)
@@ -8315,7 +8315,7 @@ CVE-2024-45341 (A certificate with a URI which has a IPv6 address with a zone ID
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/71156
NOTE: Fixed by: https://github.com/golang/go/commit/468fad45a27db0ec1fff4ae397d3670795b3f977 (go1.24rc2)
@@ -8329,7 +8329,7 @@ CVE-2024-45336 (The HTTP client drops sensitive headers after following a cross-
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/70530
NOTE: Fixed by: https://github.com/golang/go/commit/6b605505047416bbbf513bba1540220a8897f3f6 (go1.24rc2)
@@ -45101,7 +45101,7 @@ CVE-2024-34158 (Calling Parse on a "// +build" build tag line with deeply nested
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69141
NOTE: https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)
@@ -45113,7 +45113,7 @@ CVE-2024-34156 (Calling Decoder.Decode on a message which contains deeply nested
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69139
NOTE: https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)
@@ -45125,7 +45125,7 @@ CVE-2024-34155 (Calling any of the Parse functions on Go source code which conta
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69138
NOTE: https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2c3a9794f011e55dbaca06109568dcba062bde
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2c3a9794f011e55dbaca06109568dcba062bde
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250217/e0bb715a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list