[Git][security-tracker-team/security-tracker][master] Adjust tracking for CVE-2025-47913/golang-go.crypto

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 23 07:17:15 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02229b36 by Salvatore Bonaccorso at 2026-01-23T08:16:37+01:00
Adjust tracking for CVE-2025-47913/golang-go.crypto

Thanks: Dmitrii Samoilov

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27478,10 +27478,12 @@ CVE-2025-55070 (Mattermost versions <11 fail to enforce multi-factor authenticat
 CVE-2025-4619 (A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS s ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-47913 (SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed respons ...)
-	- golang-go.crypto 1:0.42.0-1
+	- golang-go.crypto 1:0.43.0-1
 	[bullseye] - golang-go.crypto <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
-	NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
-	NOTE: Fixed by: https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 (v0.35.0)
+	NOTE: https://github.com/advisories/GHSA-56w8-48fp-6mgv
+	NOTE: https://go-review.googlesource.com/c/crypto/+/700295
+	NOTE: https://github.com/golang/go/issues/75178
+	NOTE: Fixed by: https://github.com/golang/crypto/commit/559e062ce8bfd6a39925294620b50906ca2a6f95 (v0.43.0)
 CVE-2025-47222 (A class name enumeration was found in Keyfactor SignServer versions pr ...)
 	NOT-FOR-US: Keyfactor SignServer
 CVE-2025-47221 (An arbitrary file write was found in Keyfactor SignServer versions pri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02229b36c7a05447c5a4d51986a0ccae85c9ff9a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02229b36c7a05447c5a4d51986a0ccae85c9ff9a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260123/2dbb9875/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list