[Git][security-tracker-team/security-tracker][master] Add new golang-go.crypto issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 22 19:31:48 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2d4fe64 by Salvatore Bonaccorso at 2026-05-22T20:31:27+02:00
Add new golang-go.crypto issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,35 +119,61 @@ CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to modify their own user_
 CVE-2026-47101 (LiteLLM prior to 1.83.14 allows an authenticated internal_user to crea ...)
 	NOT-FOR-US: LiteLLM
 CVE-2026-46598 (For certain crafted inputs, a 'ed25519.PrivateKey' was created by cast ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79596
 CVE-2026-46597 (An incorrectly placed cast from bytes to int allowed for server-side p ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79561
 CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for misused s ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79570
 CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE MU5250. Due ...)
 	NOT-FOR-US: ZTE
 CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not correct ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79568
 CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39835 (SSH servers which use CertChecker as a public key callback without set ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79563
 CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an SSH cha ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79567
 CVE-2026-39833 (The in-memory keyring returned by NewKeyring() silently accepted keys  ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79436
 CVE-2026-39832 (When adding a key to a remote agent constraint extensions such as rest ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79435
 CVE-2026-39831 (The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79566
 CVE-2026-39830 (A malicious SSH peer could send unsolicited global request responses t ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79564
 CVE-2026-39829 (The RSA and DSA public key parsers did not enforce size limits on key  ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79565
 CVE-2026-39828 (When an SSH server authentication callback returned PartialSuccessErro ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/79562
 CVE-2026-39827 (An authenticated SSH client that repeatedly opened channels which were ...)
-	TODO: check
+	- golang-go.crypto <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+	NOTE: https://github.com/golang/go/issues/35127
 CVE-2026-34911 (A malicious actor with access to the network and low privileges could  ...)
 	TODO: check
 CVE-2026-34910 (A malicious actor with access to the network could exploit an Improper ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d4fe64bcfa1c5473ddef0376ea80005a714f40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d4fe64bcfa1c5473ddef0376ea80005a714f40
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/f48ca260/attachment.htm>

More information about the debian-security-tracker-commits mailing list