Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c622b92 by Shengjing Zhu at 2021-12-04T01:19:00+08:00
Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

- - - - -
b2a625df by Salvatore Bonaccorso at 2021-12-03T21:25:47+01:00
Update status for CVE-2021-41772

- - - - -
4575aa25 by Salvatore Bonaccorso at 2021-12-03T20:28:03+00:00
Merge branch 'zhsj/golang-1.15' into 'master'

Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

See merge request security-tracker-team/security-tracker!97
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9984,12 +9984,13 @@ CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 
(and before) web applicatio
 CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an 
archive/zip Reade ...)
        - golang-1.17 1.17.3-1
        - golang-1.16 1.16.10-1
-       - golang-1.15 <unfixed>
-       - golang-1.11 <removed>
-       - golang-1.8 <removed>
-       - golang-1.7 <removed>
+       - golang-1.15 <not-affected> (Vulnerable code introduced later in 
go1.16beta1)
+       - golang-1.11 <not-affected> (Vulnerable code introduced later in 
go1.16beta1)
+       - golang-1.8 <not-affected> (Vulnerable code introduced later in 
go1.16beta1)
+       - golang-1.7 <not-affected> (Vulnerable code introduced later in 
go1.16beta1)
        NOTE: https://github.com/golang/go/issues/48085
        NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+       NOTE: Introduced in: 
https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 
(go1.16beta1)
        NOTE: 
https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf 
(go1.17.3)
        NOTE: 
https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 
(go1.16.10)
 CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go 
before 1.16 ...)
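
Review bot: The golang-1.11, golang-1.8 and golang-1.7 lines under CVE-2021-41772 change from <removed> to <not-affected>, but the merge title names only golang-1.15. That wider status change arrives with b2a625df, and the merge description should say so, so that someone auditing the entry later can see it was deliberate. All four <not-affected> lines rest on the one added "NOTE: Introduced in:" line pointing at upstream commit 1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1). It would help to say in that NOTE, in a few words, what the commit introduced that the older branches lack, so the reasoning can be checked without opening the upstream diff.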
@@ -18308,6 +18309,7 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 
7110 is vulnerable to bl
 CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer 
Overflow via la ...)
        - golang-1.17 1.17.2-1
        - golang-1.16 1.16.9-1
+       - golang-1.15 <unfixed>
        - golang-1.11 <removed>
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        - golang-1.8 <not-affected> (Vulnerable code not present)
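
Review bot: The added "- golang-1.15 <unfixed>" line under CVE-2021-38297 has no suite-specific triage line and no NOTE, while the neighbouring golang-1.11 entry carries "[buster] - golang-1.11 <no-dsa> (Minor issue)". If a supported suite ships golang-1.15, add the matching bracketed suite line with its triage decision in a follow-up, so the entry does not stay at a bare <unfixed>. If the same "Minor issue" reasoning is meant to apply, state that explicitly rather than leaving it to be inferred from the golang-1.11 line.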



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d9d1cfaa3a9ac4927f929321dbf4a96a733cdfbd...4575aa25acca8fa53e69e22c9007bc272a139b29
