Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
46f86dbb by Salvatore Bonaccorso at 2020-09-02T22:47:58+02:00
Add CVE-2020-24553/golang*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1097,7 +1097,16 @@ CVE-2020-24555
CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not
limit the ...)
NOT-FOR-US: Liferay
CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because
text/html ...)
- TODO: check
+ - golang-1.15 <unfixed>
+ - golang-1.14 <unfixed>
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE:
https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
+ NOTE: https://github.com/golang/go/issues/40928
+ NOTE: https://github.com/golang/go/issues/41164 (1.14 backport)
+ NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
+ NOTE:
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552
RESERVED
CVE-2020-24551
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f86dbbcd11ad1c95b1c72af4b447cdebec16d0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46f86dbbcd11ad1c95b1c72af4b447cdebec16d0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
