[Git][security-tracker-team/security-tracker][master] golang-1.15: harmonize bullseye triage
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Fri Nov 7 11:53:23 GMT 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0944f7b9 by Sylvain Beucler at 2025-11-07T12:53:14+01:00
golang-1.15: harmonize bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8950,7 +8950,7 @@ CVE-2025-61724 (The Reader.ReadResponse function constructs a response string th
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75716
NOTE: https://github.com/golang/go/commit/5d7a787aa2b486f77537eeaed9c38c940a7182b8 (go1.25.2)
@@ -8963,7 +8963,7 @@ CVE-2025-58183 (tar.Reader does not set a maximum size on the number of sparse r
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75677
NOTE: https://github.com/golang/go/commit/2612dcfd3cb6dd73c76e14a24fe1a68e2708e4e3 (go1.25.2)
@@ -8976,7 +8976,7 @@ CVE-2025-58188 (Validating certificate chains which contain DSA public keys can
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75675
NOTE: https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2)
@@ -8989,7 +8989,7 @@ CVE-2025-58186 (Despite HTTP headers having a default limit of 1MB, the number o
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75672
NOTE: https://github.com/golang/go/commit/100c5a66802b5a895b1d0e5ed3b7918f899c4833 (go1.25.2)
@@ -9002,7 +9002,7 @@ CVE-2025-58185 (Parsing a maliciously crafted DER payload could allocate large a
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75671
NOTE: https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca (go1.25.2)
@@ -9015,7 +9015,7 @@ CVE-2025-47912 (The Parse function permits values other than IPv6 addresses to b
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75678
NOTE: https://github.com/golang/go/commit/9fd3ac8a10272afd90312fef5d379de7d688a58e (go1.25.2)
@@ -9028,7 +9028,7 @@ CVE-2025-61723 (The processing time for parsing some invalid inputs scales non-l
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75676
NOTE: https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b (go1.25.2)
@@ -9041,7 +9041,7 @@ CVE-2025-58189 (When Conn.Handshake fails during ALPN negotiation the error cont
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75652
NOTE: https://github.com/golang/go/commit/205d0865958a6d2342939f62dfeaf47508101976 (go1.25.2)
@@ -9054,7 +9054,7 @@ CVE-2025-58187 (Due to the design of the name constraint checking algorithm, the
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75681
NOTE: https://github.com/golang/go/commit/f0c69db15aae2eb10bddd8b6745dff5c2932e8f5 (go1.25.2)
@@ -9067,7 +9067,7 @@ CVE-2025-61725 (The ParseAddress function constructeds domain-literal address co
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, DoS, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
NOTE: https://github.com/golang/go/issues/75680
NOTE: https://github.com/golang/go/commit/6a057327cf9a405e6388593dd4aedc0d0da77092 (go1.25.2)
@@ -32385,7 +32385,7 @@ CVE-2025-47907 (Cancelling a query (e.g. by cancelling the context passed to one
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/x5MKroML2yM/m/5_v-oMjUAgAJ
NOTE: https://github.com/golang/go/issues/74831
NOTE: https://github.com/golang/go/commit/83b4a5db240960720e51b7d5a6da1f399bd868ee (go1.24.6)
@@ -32397,7 +32397,7 @@ CVE-2025-47906 (If the PATH environment variable contains paths which are execut
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/x5MKroML2yM/m/5_v-oMjUAgAJ
NOTE: https://github.com/golang/go/issues/74466
NOTE: https://github.com/golang/go/commit/0f5133b742bf61cda6c98b4cd1d313a330f13f32 (go1.24.6)
@@ -32622,7 +32622,7 @@ CVE-2024-8244 (The filepath.Walk and filepath.WalkDir functions are documented a
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://github.com/golang/go/issues/70007
CVE-2024-52885 (The Mobile Access Portal's File Share application is vulnerable to a d ...)
NOT-FOR-US: Mobile Access Portal
@@ -40662,7 +40662,7 @@ CVE-2025-4674 (The go command may execute unexpected commands when operating in
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/gTNJnDXmn34
NOTE: https://github.com/golang/go/commit/825eeee3f789a11231ce23a4836c74ec5e34bf2a (go1.24.5)
NOTE: https://github.com/golang/go/commit/e9d2c032b14c17083be0f8f0c822565199d2994f (go1.23.11)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0944f7b92abaaa7f6ad07e3931f1446eab43eb20
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0944f7b92abaaa7f6ad07e3931f1446eab43eb20
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251107/cd9248c5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list