[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.26 issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 7 09:47:01 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bd7fa95 by Salvatore Bonaccorso at 2026-03-07T10:46:45+01:00
Track fixed version for golang-1.26 issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -350,7 +350,7 @@ CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload vulnerabilit
CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection vulnerabili ...)
NOT-FOR-US: Warranty Tracking System
CVE-2026-27139 (On Unix platforms, when listing the contents of a directory using File ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -359,7 +359,7 @@ CVE-2026-27139 (On Unix platforms, when listing the contents of a directory usin
NOTE: Fixed by: https://github.com/golang/go/commit/8cce3ab20c49a5c3c9fa8e97ad47335c3ccd2620 (go1.26.1)
NOTE: Fixed by: https://github.com/golang/go/commit/4091800393d254befde3770fd16f51200ebd5a3d (go1.25.8)
CVE-2026-25679 (url.Parse insufficiently validated the host/authority component and ac ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -368,7 +368,7 @@ CVE-2026-25679 (url.Parse insufficiently validated the host/authority component
NOTE: Fixed by: https://github.com/golang/go/commit/65c7d7a9fb3a9d1fbf1e702a211b8cc3a7bedb53 (go1.26.1)
NOTE: fixed by: https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803 (go1.25.8)
CVE-2026-27142 (Actions which insert URLs into the content attribute of HTML meta tags ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -377,7 +377,7 @@ CVE-2026-27142 (Actions which insert URLs into the content attribute of HTML met
NOTE: Fixed by: https://github.com/golang/go/commit/994692847a2cd3efd319f0cb61a07c0012c8a4ff (go1.26.1)
NOTE: Fixed by: https://github.com/golang/go/commit/a9db31e6d9f280418ce441067f3f9dc0a036e770 (go1.25.8)
CVE-2026-27138 (Certificate verification can panic when a certificate in the chain has ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
- golang-1.19 <not-affected> (Vulnerable code not present)
@@ -385,7 +385,7 @@ CVE-2026-27138 (Certificate verification can panic when a certificate in the cha
NOTE: https://github.com/golang/go/issues/77953
NOTE: Fixed by: https://github.com/golang/go/commit/e792d6aa952dbfdd3e8eac6f7abc3efd9df09030 (go1.26.1)
CVE-2026-27137 (When verifying a certificate chain which contains a certificate contai ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
- golang-1.19 <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd7fa953cd63b0881a6ec6391ab2a4e833e8f7f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd7fa953cd63b0881a6ec6391ab2a4e833e8f7f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260307/9139741a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list