[Git][security-tracker-team/security-tracker][master] Add CVE-2026-42503/gopls

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
feca76f4 by Salvatore Bonaccorso at 2026-05-30T09:04:22+02:00
Add CVE-2026-42503/gopls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16523,7 +16523,11 @@ CVE-2026-43646 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42503 (gopls by default communicates via pipe. However, -port and -listen fla ...)
-	TODO: check
+	- gopls <unfixed>
+	NOTE: https://github.com/golang/go/issues/79211
+	NOTE: https://go-review.googlesource.com/c/tools/+/774381/
+	NOTE: Fixed by: https://github.com/golang/tools/commit/90abdab4cf0af205d3d2212c73526b58c97d0bf6 (gopls/v0.22.0-pre.2)
+	TODO: check impact on golang-golang-x-tools
 CVE-2026-41938 (Vvveb before version 1.0.8.2 contains an unrestricted file upload vuln ...)
 	NOT-FOR-US: Vvveb CMS
 CVE-2026-41936 (Vvveb before version 1.0.8.2 contains an XML external entity (XXE) inj ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feca76f492da28337b609bb9ef31848c343defce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feca76f492da28337b609bb9ef31848c343defce
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260530/4fa23c9d/attachment.htm>