[Git][security-tracker-team/security-tracker][master] new go jose issue, the Go ecosystem continues to amaze

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d81a3c8 by Moritz Muehlenhoff at 2026-04-07T16:55:48+02:00
new go jose issue, the Go ecosystem continues to amaze

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -331,7 +331,13 @@ CVE-2026-34992 (Antrea is a Kubernetes networking solution intended to be Kubern
 CVE-2026-34989 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
 	NOT-FOR-US: CI4MS
 CVE-2026-34986 (Go JOSE provides an implementation of the Javascript Object Signing an ...)
-	TODO: check
+	- golang-github-go-jose-go-jose 4.1.4-1
+	- golang-github-go-jose-go-jose.v3 <unfixed>
+	- golang-gopkg-square-go-jose.v2 <unfixed>
+	- golang-gopkg-square-go-jose.v1 <unfixed>
+	NOTE: https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8
+	NOTE: https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9 (v4.1.4)
+	NOTE: https://github.com/go-jose/go-jose/commit/02464163e1e891db85257cb8860978a1c0226016 (v3.0.5)
 CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio content.  ...)
 	NOT-FOR-US: whisperX API
 CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d81a3c8286e96e2d1ed2cc96061206da5f6deaa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d81a3c8286e96e2d1ed2cc96061206da5f6deaa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/6a1f7b03/attachment.htm>