[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for golang-go.crypto issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 24 16:40:39 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
638fe910 by Salvatore Bonaccorso at 2026-05-24T17:40:23+02:00
Add Debian bug reference for golang-go.crypto issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -540,71 +540,71 @@ CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to modify their own user_
 CVE-2026-47101 (LiteLLM prior to 1.83.14 allows an authenticated internal_user to crea ...)
 	NOT-FOR-US: LiteLLM
 CVE-2026-46598 (For certain crafted inputs, a 'ed25519.PrivateKey' was created by cast ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79596
 CVE-2026-46597 (An incorrectly placed cast from bytes to int allowed for server-side p ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79561
 CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for misused s ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79570
 CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE MU5250. Due ...)
 	NOT-FOR-US: ZTE
 CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not correct ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79568
 CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39835 (SSH servers which use CertChecker as a public key callback without set ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79563
 CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an SSH cha ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79567
 CVE-2026-39833 (The in-memory keyring returned by NewKeyring() silently accepted keys  ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79436
 CVE-2026-39832 (When adding a key to a remote agent constraint extensions such as rest ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79435
 CVE-2026-39831 (The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79566
 CVE-2026-39830 (A malicious SSH peer could send unsolicited global request responses t ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79564
 CVE-2026-39829 (The RSA and DSA public key parsers did not enforce size limits on key  ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79565
 CVE-2026-39828 (When an SSH server authentication callback returned PartialSuccessErro ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/79562
 CVE-2026-39827 (An authenticated SSH client that repeatedly opened channels which were ...)
-	- golang-go.crypto <unfixed>
+	- golang-go.crypto <unfixed> (bug #1137516)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, follow bookworm DSAs/point-releases)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
 	NOTE: https://github.com/golang/go/issues/35127



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638fe910ec624e9cd55a4732d886201cb87030b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638fe910ec624e9cd55a4732d886201cb87030b9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260524/cbef1b4c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list