[Git][security-tracker-team/security-tracker][master] golang-github-masterminds-goutils n/a, NFU (concludes external check)

Wed, 11 Jan 2023 02:05:41 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c99b673 by Moritz Muehlenhoff at 2023-01-11T11:04:53+01:00
golang-github-masterminds-goutils n/a, NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37529,7 +37529,9 @@ CVE-2022-2582 (The AWS S3 Crypto SDK sends an 
unencrypted hash of the plaintext
 CVE-2021-4239 (The Noise protocol implementation suffers from weakened 
cryptographic  ...)
        TODO: check
 CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly 
less ent ...)
-       TODO: check
+       - golang-github-masterminds-goutils <not-affected> (Fixed in initial 
upload to the archive)
+       NOTE: 
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
+       NOTE: https://pkg.go.dev/vuln/GO-2022-0411
 CVE-2021-4237
        RESERVED
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which 
may be ...)
@@ -37606,7 +37608,7 @@ CVE-2020-36559 (Due to improper santization of user 
input, HTTPEngine.Handle all
 CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well 
as a lac ...)
        TODO: check
 CVE-2018-25046 (Due to improper path santization, archives containing relative 
file pa ...)
-       TODO: check
+       NOT-FOR-US: GO code.cloudfoundry.org/archiver
 CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, 
allowing th ...)
        - golang-github-gorilla-handlers 1.3.0-1
        NOTE: https://github.com/gorilla/handlers/pull/116



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c99b6734f1b35fe2b94a9787d04821de9b7e43d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c99b6734f1b35fe2b94a9787d04821de9b7e43d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to