[Git][security-tracker-team/security-tracker][master] Track as well golang-github-go-git-go-git-v6 for some recent CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 17:04:18 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
290bdf88 by Salvatore Bonaccorso at 2026-06-02T17:21:22+02:00
Track as well golang-github-go-git-go-git-v6 for some recent CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4101,9 +4101,11 @@ CVE-2026-45716 (Budibase is an open-source low-code platform. Prior to 3.38.1, t
CVE-2026-45715 (Budibase is an open-source low-code platform. Prior to 3.38.1, the RES ...)
NOT-FOR-US: Budibase
CVE-2026-45571 (go-git is an extensible git implementation library written in pure Go. ...)
+ - golang-github-go-git-go-git-v6 6.0.0~alpha4-1
- golang-github-go-git-go-git 5.19.1-1
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96
CVE-2026-45570 (go-git is an extensible git implementation library written in pure Go. ...)
+ - golang-github-go-git-go-git-v6 6.0.0~alpha4-1
- golang-github-go-git-go-git 5.19.1-1
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-m7cr-m3pv-hgrp
CVE-2026-45548 (Budibase is an open-source low-code platform. Prior to 3.34.8, the pro ...)
@@ -4129,6 +4131,7 @@ CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 0
CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-45022 (go-git is an extensible git implementation library written in pure Go. ...)
+ - golang-github-go-git-go-git-v6 6.0.0~alpha4-1
- golang-github-go-git-go-git 5.19.1-1
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp
CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC client. In ...)
@@ -15442,6 +15445,7 @@ CVE-2026-41509 (CROSS implementation contains reference and optimized implementa
CVE-2026-41507 (math-codegen generates code from mathematical expressions. Prior to ve ...)
NOT-FOR-US: math-codegen
CVE-2026-41506 (go-git is an extensible git implementation library written in pure Go. ...)
+ - golang-github-go-git-go-git-v6 6.0.0~alpha4-1
- golang-github-go-git-go-git 5.19.1-1 (bug #1136095)
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963
NOTE: Fixed by: https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53 (v5.18.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/290bdf88526821a2eb4515e16c91a3c0a4f39dc2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/290bdf88526821a2eb4515e16c91a3c0a4f39dc2
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/ee69d5ca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list