[Git][security-tracker-team/security-tracker][master] Track fix in 1.24 release branch for CVE-2025-68119
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 29 04:50:58 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
797d8c76 by Salvatore Bonaccorso at 2026-01-29T05:49:51+01:00
Track fix in 1.24 release branch for CVE-2025-68119
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4865,7 +4865,7 @@ CVE-2025-68119 (Downloading and building modules with malicious version strings
NOTE: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
NOTE: https://github.com/golang/go/issues/77099
NOTE: Fixed by: https://github.com/golang/go/commit/082365aa552a7e2186f79110d5311dce70749cc0 (go1.25.6)
- TODO: check, might only affect 1.25 and above
+ NOTE: Fixed by: https://github.com/golang/go/commit/73fe85f0ea1bf2cec8e9a89bf5645de06ecaa0a6 (release-branch.go1.24)
CVE-2025-61731 (Building a malicious file with cmd/go can cause can cause a write to a ...)
- golang-1.25 1.25.6-1 (bug #1125916)
- golang-1.24 1.24.12-1 (bug #1125917)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797d8c7608a13a4e3196167e27c0b3ce9e9dec1b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797d8c7608a13a4e3196167e27c0b3ce9e9dec1b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260129/ba231186/attachment.htm>
More information about the debian-security-tracker-commits
mailing list