[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-47910/go
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 23 17:54:43 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e37c16b1 by Salvatore Bonaccorso at 2025-09-23T18:54:05+02:00
Update status for CVE-2025-47910/go
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,13 +52,16 @@ CVE-2025-57205 (iNiLabs School Express (SMS Express) 6.2 is affected by a Stored
CVE-2025-57204 (Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is aff ...)
NOT-FOR-US: Stocky POS with Inventory Management
CVE-2025-47910 (When using http.CrossOriginProtection, the AddInsecureBypassPattern me ...)
- - golang-1.24 <unfixed>
- - golang-1.23 <unfixed>
- - golang-1.19 <removed>
- - golang-1.15 <removed>
+ - golang-1.25 <unfixed>
+ - golang-1.24 <not-affected> (Vulnerable code introduced later)
+ - golang-1.23 <not-affected> (Vulnerable code introduced later)
+ - golang-1.19 <not-affected> (Vulnerable code introduced later)
+ - golang-1.15 <not-affected> (Vulnerable code introduced later)
NOTE: https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ
NOTE: https://go-review.googlesource.com/c/go/+/699275
NOTE: https://github.com/golang/go/issues/75054
+ NOTE: Introduced after: https://github.com/golang/go/commit/1881d680b0b573c32d3002c37902760668ffec0f (go1.25rc1)
+ NOTE: Fixed by: https://github.com/golang/go/commit/b1959cf6f7673eaffa89bbdb00e68b30cde3aa8a (go1.25.1)
CVE-2025-43814 (In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versi ...)
NOT-FOR-US: Liferay
CVE-2025-43810 (Insecure Direct Object Reference (IDOR) vulnerability with commerce or ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e37c16b17d1bbb01c83784a9b26414c0380f1165
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e37c16b17d1bbb01c83784a9b26414c0380f1165
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250923/565864c2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list