Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69c04ad5 by Sylvain Beucler at 2022-11-09T18:07:33+01:00
golang*: fix a few buster triage

- - - - -
133342c6 by Sylvain Beucler at 2022-11-09T18:07:33+01:00
dla: add golang-github-nats-io-jwt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -36628,6 +36628,7 @@ CVE-2022-32150
        RESERVED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an 
Accept-Langua ...)
        - golang-golang-x-text 0.3.8-1 (bug #1021785)
+       - golang-x-text <removed>
        NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
        NOTE: https://go.dev/issue/56152
        NOTE: 
https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c 
(v0.3.8)
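Review bot: the added `- golang-x-text <removed>` line under CVE-2022-32149 comes with no NOTE or suite-tagged line, so the entry does not say why a second source package is listed beside golang-golang-x-text or which release still carries it. Since the commit subject is about buster triage, consider adding a `[buster]` line or a short NOTE that states the intended status for that suite.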
@@ -140203,7 +140204,7 @@ CVE-2021-20207
        REJECTED
 CVE-2021-20206 (An improper limitation of path name flaw was found in 
containernetwork ...)
        - golang-github-appc-cni 0.8.1-1 (bug #983659)
-       [buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed 
via point release)
+       [buster] - golang-github-appc-cni <postponed> (Limited support, minor 
issue)
        [stretch] - golang-github-appc-cni <no-dsa> (Minor issue)
        NOTE: https://github.com/containernetworking/cni/pull/808
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
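Review bot: on the `[buster]` line for golang-github-appc-cni, the new reason "Limited support, minor issue" gives no condition for revisiting the `<postponed>` state, and the `[stretch]` line directly below stays `<no-dsa>`. Consider stating what the buster fix is waiting on, or explaining in the commit message why the two suites now carry different states for the same issue.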
@@ -180436,7 +180437,7 @@ CVE-2020-15217 (In GLPI before version 9.5.2, there 
is a leakage of user informa
        - glpi <removed>
 CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) 
before ve ...)
        - golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
-       [buster] - golang-github-russellhaering-goxmldsig <postponed> (Limited 
support, minor issue, no build rdeps, follow bullseye DSAs/point-releases)
+       [buster] - golang-github-russellhaering-goxmldsig <postponed> (Limited 
support, minor issue, no build rdeps)
        NOTE: 
https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
        NOTE: 
https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
 CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 
is vuln ...)
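Review bot: the `[buster]` line for golang-github-russellhaering-goxmldsig loses "follow bullseye DSAs/point-releases" with nothing in its place, and the commit subject ("fix a few buster triage") does not say why. If the clause no longer applies, a sentence in the commit message would make that clear to the next person triaging; otherwise keep some revisit condition in the parenthetical.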


=====================================
data/dla-needed.txt
=====================================
@@ -70,6 +70,10 @@ golang-1.11
   NOTE: 20220916: Harmonize with bullseye and stretch: 9 CVEs fixed in Debian 
11.2 & 11.3 + 2 CVEs fixed in stretch-lts (Beuc/front-desk)
   NOTE: 20220916: CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 
CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 CVE-2022-23773 
CVE-2022-23806 CVE-2022-24921
 --
+golang-github-nats-io-jwt
+  NOTE: 20221109: Programming language: Go.
+  NOTE: 20221109: Special attention: limited support, cf. buster release 
notes; not in bullseye
+--
 golang-go.crypto
   NOTE: 20220915: Programming language: Go.
   NOTE: 20220915: 3 CVEs fixed in stretch and bullseye (Beuc/front-desk)
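Review bot: the new golang-github-nats-io-jwt entry records the language and the limited-support caveat but does not name any CVE or say what prompted the addition, unlike the neighbouring golang-1.11 and golang-go.crypto entries, which list or count the CVEs involved. Consider adding a NOTE with the CVE ids in scope so whoever claims the package knows what the DLA is expected to cover.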



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ea2c44aecc8a086ac63fb5e5316adc8718c4522f...133342c6b0f1b4767eb217c24695a0b6b2e7a874



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
