[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2

Salvatore Bonaccorso Sun, 28 Feb 2021 04:26:33 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7bc4cdd8 by Salvatore Bonaccorso at 2021-02-28T13:25:47+01:00
Update information for CVE-2020-29509 and track 
golang-github-russellhaering-gosaml2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21910,12 +21910,13 @@ CVE-2020-29510 (The encoding/xml package in Go 
versions 1.15 and earlier does no
        NOTE: https://github.com/golang/go/issues/43168
        NOTE: 
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
 CVE-2020-29509 (The encoding/xml package in Go (all versions) does not 
correctly prese ...)
-       - golang-1.15 <unfixed>
-       - golang-1.11 <removed>
-       - golang-1.8 <removed>
-       [stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who 
shifts responsibility to saml packages we don't ship)
-       - golang-1.7 <removed>
-       [stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who 
shifts responsibility to saml packages we don't ship)
+       - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
+       - golang-1.15 <unfixed> (unimportant)
+       - golang-1.11 <removed> (unimportant)
+       - golang-1.8 <removed> (unimportant)
+       - golang-1.7 <removed> (unimportant)
+       NOTE: Golang upstream does not consider the issue to be fixable in Go, 
instread
+       NOTE: shifts responsibility to saml packages.
        NOTE: https://github.com/golang/go/issues/43168
        NOTE: 
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
        NOTE: 
https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bc4cdd8e6116c9aa10b8695284a39d0a18c4b4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bc4cdd8e6116c9aa10b8695284a39d0a18c4b4b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2

Reply via email to