[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.24 issues fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 17 05:47:11 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6564df by Salvatore Bonaccorso at 2025-06-17T06:46:42+02:00
Track fixed version for golang-1.24 issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3098,7 +3098,7 @@ CVE-2025-27445 (A path traversal vulnerability in RSFirewall component 2.9.7 - 3
 CVE-2025-0691 (Improper access control in permissions component in Devolutions Server ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-22874 (Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsag ...)
-	- golang-1.24 <unfixed> (bug #1107364)
+	- golang-1.24 1.24.4-1 (bug #1107364)
 	- golang-1.23 <not-affected> (Vulnerable code not present)
 	- golang-1.19 <not-affected> (Vulnerable code not present)
 	- golang-1.15 <not-affected> (Vulnerable code not present)
@@ -3114,7 +3114,7 @@ CVE-2025-0913 (os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix
 	NOTE: Fixed by: https://github.com/golang/go/commit/9f9cf28f8fe67e6c17123cae2d89f116504f2be1 (go1.24.4)
 	NOTE: Fixed by: https://github.com/golang/go/commit/c2c89d95516d2a6b51aa1766ed5f76e542ab282c (go1.23.10)
 CVE-2025-4673 (Proxy-Authorization and Proxy-Authenticate headers persisted on cross- ...)
-	- golang-1.24 <unfixed> (bug #1107364)
+	- golang-1.24 1.24.4-1 (bug #1107364)
 	- golang-1.23 1.23.10-1 (bug #1107390)
 	- golang-1.19 <removed>
 	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
@@ -12041,7 +12041,7 @@ CVE-2024-45554 (Memory corruption during concurrent SSR execution due to race co
 CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a SQL inj ...)
 	NOT-FOR-US: Real Estate Management System
 CVE-2025-22873
-	- golang-1.24 <unfixed> (bug #1104816)
+	- golang-1.24 1.24.4-1 (bug #1104816)
 	- golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x releases)
 	- golang-1.19 <not-affected> (Vulnerable code only present in 1.24.x releases)
 	- golang-1.15 <not-affected> (Vulnerable code only present in 1.24.x releases)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6564df1db0ee3b4d8de0b48bdff787c37cd10f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6564df1db0ee3b4d8de0b48bdff787c37cd10f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250617/5fa0b99f/attachment.htm>

More information about the debian-security-tracker-commits mailing list