[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for various golang issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 08:53:18 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8629dcdf by Salvatore Bonaccorso at 2025-10-10T09:52:43+02:00
Track fixed version via unstable for various golang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,6 @@
CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -9,8 +9,8 @@ CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
NOTE: https://github.com/golang/go/commit/5d7a787aa2b486f77537eeaed9c38c940a7182b8 (go1.25.2)
NOTE: https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a (go1.24.8)
CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -19,8 +19,8 @@ CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
NOTE: https://github.com/golang/go/commit/2612dcfd3cb6dd73c76e14a24fe1a68e2708e4e3 (go1.25.2)
NOTE: https://github.com/golang/go/commit/613e746327381d820759ebea6ce722720b343556 (go1.24.8)
CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA public keys]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -29,8 +29,8 @@ CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA public
NOTE: https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2)
NOTE: https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401 (go1.24.8)
CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory exhaustion]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -39,8 +39,8 @@ CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory ex
NOTE: https://github.com/golang/go/commit/100c5a66802b5a895b1d0e5ed3b7918f899c4833 (go1.25.2)
NOTE: https://github.com/golang/go/commit/c6b04dd33b0215f5deb83724661921842bf67607 (go1.24.8)
CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -49,8 +49,8 @@ CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload ca
NOTE: https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca (go1.25.2)
NOTE: https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1 (go1.24.8)
CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -59,8 +59,8 @@ CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
NOTE: https://github.com/golang/go/commit/9fd3ac8a10272afd90312fef5d379de7d688a58e (go1.25.2)
NOTE: https://github.com/golang/go/commit/d6d2f7bf76718f1db05461cd912ae5e30d7b77ea (go1.24.8)
CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid inputs]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -69,8 +69,8 @@ CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid inp
NOTE: https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b (go1.25.2)
NOTE: https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2 (go1.24.8)
CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -79,8 +79,8 @@ CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
NOTE: https://github.com/golang/go/commit/205d0865958a6d2342939f62dfeaf47508101976 (go1.25.2)
NOTE: https://github.com/golang/go/commit/2e1e356e33b9c792a9643749a7626a1789197bb9 (go1.24.8)
CVE-2025-58187 [crypto/x509: quadratic complexity when checking name constraints]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -89,8 +89,8 @@ CVE-2025-58187 [crypto/x509: quadratic complexity when checking name constraints
NOTE: https://github.com/golang/go/commit/f0c69db15aae2eb10bddd8b6745dff5c2932e8f5 (go1.25.2)
NOTE: https://github.com/golang/go/commit/f334417e71f8b078ad64035bddb6df7f8910da6c (go1.24.8)
CVE-2025-61725 [net/mail: excessive CPU consumption in ParseAddress]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8629dcdf9655345c0167b51c8a213e5887c31e49
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8629dcdf9655345c0167b51c8a213e5887c31e49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/1672bd4e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list