[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 16 19:29:59 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64a506de by Moritz Mühlenhoff at 2025-10-16T20:29:48+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2284,8 +2284,10 @@ CVE-2016-15047 (AVTECH devices that include the CloudSetup.cgi management endpoi
 CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75716
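
Review bot: The reason on both added lines (`[trixie] - golang-1.24 <no-dsa> (Minor issue)` and `[bookworm] - golang-1.19 <no-dsa> (Minor issue)`) is the generic "Minor issue", and the commit message is only "bookworm/trixie triage". Nothing in the entry records why excessive CPU consumption in Reader.ReadResponse was judged minor. A reason tied to the title, or one extra NOTE line, would let someone reading the tracker later check the decision without re-reading the upstream issue.
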
@@ -2294,8 +2296,10 @@ CVE-2025-61724 [net/textproto: excessive CPU consumption in Reader.ReadResponse]
 CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75677
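
Review bot: The added `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` line has no fixed version to refer to, because the unversioned entry above it is `- golang-1.19 <removed>` and the NOTE lines only link the upstream announcement and issue. Consider adding a NOTE stating whether the GNU sparse map parsing in 1.19 was checked and found affected, so the bookworm status is not resting on the 1.24/1.25 fix versions alone.
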
@@ -2304,8 +2308,10 @@ CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
 CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA public keys]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75675
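
Review bot: On the two added `<no-dsa>` lines, "Minor issue" is applied to a panic during certificate validation, a different failure mode from the CPU and memory consumption entries triaged in the same commit. If the reasoning is that the impact is limited to a crash of the validating process, put that in the reason or in a NOTE, so the annotation does not read as copied across from the neighbouring entries.
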
@@ -2314,8 +2320,10 @@ CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA public
 CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory exhaustion]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75672
@@ -2324,8 +2332,10 @@ CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory ex
 CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75671
@@ -2334,8 +2344,10 @@ CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload ca
 CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75678
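
Review bot: The added `<no-dsa>` lines here reuse the "Minor issue" reason from the resource-consumption CVEs, but the title describes insufficient validation of bracketed IPv6 hostnames in net/url, which is an input-validation problem rather than an exhaustion one. A short NOTE on what was considered for trixie and bookworm would make clear the entry was assessed on its own terms.
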
@@ -2344,8 +2356,10 @@ CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
 CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid inputs]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75676
@@ -2354,8 +2368,10 @@ CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid inp
 CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75652
@@ -2364,8 +2380,10 @@ CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
 CVE-2025-58187 [crypto/x509: quadratic complexity when checking name constraints]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75681
@@ -2374,8 +2392,10 @@ CVE-2025-58187 [crypto/x509: quadratic complexity when checking name constraints
 CVE-2025-61725 [net/mail: excessive CPU consumption in ParseAddress]
 	- golang-1.25 1.25.2-1
 	- golang-1.24 1.24.8-1
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
+	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
 	- golang-1.15 <removed>
 	NOTE: https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI/m/qZN5nc-mBgAJ
 	NOTE: https://github.com/golang/go/issues/75680
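
Review bot: In this hunk, as in the nine before it, `- golang-1.23 <unfixed>` sits between the two added lines without any suite annotation, while golang-1.24 and golang-1.19 each get one. If golang-1.23 is not shipped in trixie or bookworm, nothing more is needed; if it is, it needs its own triage line so the `<unfixed>` status is not left open for a supported suite.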



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64a506defca60f41bc7744de538bdc5d155da462
