[Git][security-tracker-team/security-tracker][master] Add new golang issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 08:50:58 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f50c4f8c by Salvatore Bonaccorso at 2025-10-10T09:50:27+02:00
Add new golang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75716
+ NOTE: https://github.com/golang/go/commit/5d7a787aa2b486f77537eeaed9c38c940a7182b8 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a (go1.24.8)
+CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75677
+ NOTE: https://github.com/golang/go/commit/2612dcfd3cb6dd73c76e14a24fe1a68e2708e4e3 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/613e746327381d820759ebea6ce722720b343556 (go1.24.8)
+CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA public keys]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75675
+ NOTE: https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401 (go1.24.8)
+CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory exhaustion]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75672
+ NOTE: https://github.com/golang/go/commit/100c5a66802b5a895b1d0e5ed3b7918f899c4833 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/c6b04dd33b0215f5deb83724661921842bf67607 (go1.24.8)
+CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75671
+ NOTE: https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1 (go1.24.8)
+CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75678
+ NOTE: https://github.com/golang/go/commit/9fd3ac8a10272afd90312fef5d379de7d688a58e (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/d6d2f7bf76718f1db05461cd912ae5e30d7b77ea (go1.24.8)
+CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid inputs]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75676
+ NOTE: https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2 (go1.24.8)
+CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75652
+ NOTE: https://github.com/golang/go/commit/205d0865958a6d2342939f62dfeaf47508101976 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/2e1e356e33b9c792a9643749a7626a1789197bb9 (go1.24.8)
+CVE-2025-58187 [crypto/x509: quadratic complexity when checking name constraints]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75681
+ NOTE: https://github.com/golang/go/commit/f0c69db15aae2eb10bddd8b6745dff5c2932e8f5 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/f334417e71f8b078ad64035bddb6df7f8910da6c (go1.24.8)
+CVE-2025-61725 [net/mail: excessive CPU consumption in ParseAddress]
+ - golang-1.25 <unfixed>
+ - golang-1.24 <unfixed>
+ - golang-1.23 <unfixed>
+ - golang-1.19 <removed>
+ - golang-1.15 <removed>
+ NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
+ NOTE: https://github.com/golang/go/issues/75680
+ NOTE: https://github.com/golang/go/commit/6a057327cf9a405e6388593dd4aedc0d0da77092 (go1.25.2)
+ NOTE: https://github.com/golang/go/commit/bc6981fd74024098185a23ba3a83a81ed68a06c9 (go1.24.8)
CVE-2025-9371 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-62228 (Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via m ...)
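Review bot: in each of the ten new entries, golang-1.23 is marked <unfixed>, but the NOTE lines cite fix commits only for go1.25.2 and go1.24.8, so the entry does not tell a triager whether the 1.23 branch has an upstream fix to pick up or needs a backport of one of the listed commits. Consider adding a NOTE to each entry stating the 1.23 status, for example which of the two cited commits is the backport candidate. The <removed> markers on golang-1.19 and golang-1.15 also carry no indication of whether those versions were affected before removal; if that is known from the linked upstream issues, a short NOTE would save the next reader from re-checking.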
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f50c4f8c81ac4d6aa6030be4fbd4d92665a1f40e