Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0bec1463 by Salvatore Bonaccorso at 2021-01-23T11:17:31+01:00
Add CVE-2021-3115/golang*
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4855,8 +4855,18 @@ CVE-2021-3117
RESERVED
CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py
in prox ...)
NOT-FOR-US: proxy.py
-CVE-2021-3115
+CVE-2021-3115 [cmd/go: packages using cgo can cause arbitrary code execution
at build time]
RESERVED
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/43783
+ NOTE:
https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0
(master)
+ NOTE:
https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0
(1.15.7)
+ NOTE: Mainly an issue on Windows but as well for Unix users who have
'.' listed
+ NOTE: explicitly in PATH and running 'go get' outside of a module or
with module
+ NOTE: mode disabled.
CVE-2021-3114 [crypto/elliptic: incorrect operations on the P-224 curve]
RESERVED
- golang-1.15 1.15.7-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bec1463adbd25193e161cd44456b43eebe440f7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bec1463adbd25193e161cd44456b43eebe440f7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
