[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-github-theupdateframework-go-tuf issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 20 05:37:38 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0ad202b by Salvatore Bonaccorso at 2026-03-20T06:37:07+01:00
Track fixed version for golang-github-theupdateframework-go-tuf issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21630,7 +21630,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0005: Potential use-after-free in oneshot when used
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0005.html
 	NOTE: https://github.com/faern/oneshot/issues/73
 CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's  ...)
-	- golang-github-theupdateframework-go-tuf <unfixed> (bug #1126581)
+	- golang-github-theupdateframework-go-tuf 2.4.1+0.7.0-1 (bug #1126581)
 	[trixie] - golang-github-theupdateframework-go-tuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-jqc5-w2xx-5vq4
 	NOTE: https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d79fcc0 (v2.4.1)
@@ -23041,12 +23041,12 @@ CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior t
 CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that provides an A ...)
 	NOT-FOR-US: FastAPI Api Key
 CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF). Starting  ...)
-	- golang-github-theupdateframework-go-tuf <unfixed> (bug #1126271)
+	- golang-github-theupdateframework-go-tuf 2.4.1+0.7.0-1 (bug #1126271)
 	[trixie] - golang-github-theupdateframework-go-tuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525
 	NOTE: Fixed by: https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0 (v2.3.1)
 CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF). Starting  ...)
-	- golang-github-theupdateframework-go-tuf <unfixed> (bug #1126269)
+	- golang-github-theupdateframework-go-tuf 2.4.1+0.7.0-1 (bug #1126269)
 	[trixie] - golang-github-theupdateframework-go-tuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-846p-jg2w-w324
 	NOTE: Fixed by: https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6 (v2.3.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ad202bae1d52be554ae7076d0b06250a5edfb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ad202bae1d52be554ae7076d0b06250a5edfb6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260320/df1b9432/attachment.htm>

More information about the debian-security-tracker-commits mailing list