[Git][security-tracker-team/security-tracker][master] Add information for CVE-2018-1714{2,3}/golang-golang-x-net-dev

Sat, 29 Sep 2018 00:22:16 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbef5dbb by Salvatore Bonaccorso at 2018-09-29T07:15:51Z
Add information for CVE-2018-1714{2,3}/golang-golang-x-net-dev

Further investigation needs to be done to see if the issues are only
introduced with the mentioned adding "in template" insertion mode
support. If so the vulnerable code would be introduced later than in any
version currently in sid, testing, stretch and jessie.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1314,9 +1314,17 @@ CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 
0.15.x before 0.15.2, and 0.1
        - litecoin 0.16.3-1
        NOTE: 
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
 CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go 
mishandles ...)
-       TODO: check, in golang-golang-x-net-dev?
+       - golang-golang-x-net-dev <unfixed>
+       - golang-go.net-dev <removed>
+       NOTE: https://github.com/golang/go/issues/27704
+       NOTE: 
https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908
+       TODO: check, issue possibly only introduced with the 
500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion 
mode support)
 CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go 
mishandles ...)
-       TODO: check, in golang-golang-x-net-dev?
+       - golang-golang-x-net-dev <unfixed>
+       - golang-go.net-dev <removed>
+       NOTE: https://github.com/golang/go/issues/27702
+       NOTE: 
https://github.com/golang/net/commit/cf3bd585ca2a5a21b057abd8be7eea2204af89d0
+       TODO: check, issue possibly only introduced with the 
500e7a4f953ddaf55d316b4d3adc516aa0379622 commit (adding "in template" insertion 
mode support)
 CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to 
execute ...)
        {DSA-4298-1 DLA-1515-1}
        - hylafax 3:6.0.6-8.1 (bug #909161)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbef5dbb3412c7130e71fe129cfaf1559c295cd3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbef5dbb3412c7130e71fe129cfaf1559c295cd3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to