Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a61088e by Sylvain Beucler at 2023-01-06T14:14:25+01:00
golang* buster triage/harmonization

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -740,7 +740,7 @@ CVE-2020-36637 (** UNSUPPORTED WHEN ASSIGNED ** A 
vulnerability was found in Chr
 CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as 
problemati ...)
        - golang-github-go-macaron-csrf <unfixed>
        [bullseye] - golang-github-go-macaron-csrf <no-dsa> (Minor issue)
-       [buster] - golang-github-go-macaron-csrf <no-dsa> (Minor issue)
+       [buster] - golang-github-go-macaron-csrf <postponed> (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
        NOTE: 
https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
        NOTE: https://github.com/go-macaron/csrf/pull/7
 CVE-2018-25059 (A vulnerability was found in pastebinit up to 0.2.2 and 
classified as  ...)
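Review bot: On the CVE-2018-25060 [buster] line, "follow bullseye DSAs/point-releases" sits directly under a [bullseye] entry that is itself `<no-dsa> (Minor issue)`, and the package line is still `<unfixed>`, so the only event buster can follow here is a bullseye point release. Consider narrowing the reason to "follow bullseye point-releases" for this entry, or add a NOTE saying the generic wording is intentional across the golang* entries.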
@@ -1891,7 +1891,7 @@ CVE-2020-36628 (A vulnerability classified as critical 
has been found in Calsign
        NOT-FOR-US: Calsign APDE
 CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been 
declared as pro ...)
        - golang-github-go-macaron-i18n <unfixed>
-       [buster] - golang-github-go-macaron-i18n <no-dsa> (Minor issue)
+       [buster] - golang-github-go-macaron-i18n <postponed> (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
        NOTE: 
https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735
 (v0.5.0)
 CVE-2020-36626 (A vulnerability classified as critical has been found in 
Modern Tribe  ...)
        NOT-FOR-US: Modern Tribe Panel Builder Plugin
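Review bot: The new CVE-2020-36627 [buster] reason says to follow bullseye, but the visible entry has no [bullseye] line, only `- golang-github-go-macaron-i18n <unfixed>`, unlike the csrf entry in the previous hunk. If bullseye ships this package, give it its own triage line in the same change so the two suites stay aligned; if it does not, the "follow bullseye" wording has nothing to track.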
@@ -36079,6 +36079,7 @@ CVE-2022-2583 (A race condition can cause incorrect 
HTTP request routing. ...)
        TODO: check
 CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the 
plaintext along ...)
        - golang-github-aws-aws-sdk-go 1.34.22-1
+       [buster] - golang-github-aws-aws-sdk-go <postponed> (Limited support, 
minor issue, hash leak, invasive, follow bullseye DSAs/point-releases)
        NOTE: 
https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1
 (v1.33.0)
 CVE-2021-4239 (The Noise protocol implementation suffers from weakened 
cryptographic  ...)
        TODO: check
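Review bot: The added [buster] reason for CVE-2022-2582 calls the fix "invasive", but the only NOTE is a single upstream commit (v1.33.0) and nothing in the entry backs that assessment up. A short NOTE saying what makes the backport invasive would let the next triager re-evaluate the decision without redoing the analysis.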
@@ -36090,6 +36091,7 @@ CVE-2021-4236 (Web Sockets do not execute any 
AuthenticateMethod methods which m
        TODO: check
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file 
can ca ...)
        - golang-yaml.v2 2.2.8-1
+       [buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, 
DoS, follow bullseye DSAs/point-releases)
        NOTE: 
https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 
(v2.2.3)
        NOTE: https://github.com/go-yaml/yaml/pull/375
        NOTE: https://pkg.go.dev/vuln/GO-2021-0061
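Review bot: The added CVE-2021-4235 [buster] line labels the issue "DoS" and postpones it, while the NOTE lines point to one upstream commit (v2.2.3) and PR 375, and no backport obstacle is stated. If the postponement rests only on the limited-support policy, the line is fine as written; otherwise name the obstacle in the reason, as the aws-sdk-go entry does with "invasive".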
@@ -36099,7 +36101,7 @@ CVE-2020-36568 (Unsanitized input in the query parser 
in github.com/revel/revel
        TODO: check
 CVE-2020-36567 (Unsanitized input in the default logger in 
github.com/gin-gonic/gin be ...)
        - golang-github-gin-gonic-gin 1.6.3-1
-       [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+       [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
        NOTE: https://github.com/gin-gonic/gin/pull/2237
        NOTE: 
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
 (v1.6.0)
 CVE-2020-36566 (Due to improper path santization, archives containing relative 
file pa ...)
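Review bot: For CVE-2020-36567 the package line already records a fixed version (1.6.3-1) and the context shows no [bullseye] line, so it is unclear which bullseye DSA or point release the new [buster] reason expects to follow. If bullseye already carries the fix, there may be no later bullseye update to prompt a revisit; consider dropping the "follow bullseye" clause for entries like this or stating the condition under which buster gets picked up again.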



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a61088eec6ae7dc79e6e3c8435adde270fb3201



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
