Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
29f7d181 by Salvatore Bonaccorso at 2023-04-12T13:12:05+02:00
Revert change for not-affected on CVE-2022-41722/go
It affects people cross compile windows binary on Debian.
Thanks: Shengjing Zhu
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47051,11 +47051,13 @@ CVE-2022-41723 (A maliciously crafted HTTP/2 stream
could cause excessive CPU co
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
NOTE: https://go.dev/issue/57855
CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on
Windows. On ...)
- - golang-1.20 <not-affected> (Windows-specific)
- - golang-1.19 <not-affected> (Windows-specific)
- - golang-1.15 <not-affected> (Windows-specific)
- - golang-1.11 <not-affected> (Windows-specific)
+ - golang-1.20 1.20.1-1 (unimportant)
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2 (unimportant)
+ - golang-1.15 <removed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: Only affects code cross compiled on Debian for Windows binaries
CVE-2022-41721 (A request smuggling attack is possible when using
MaxBytesHandler. Whe ...)
- golang-golang-x-net 1:0.4.0+dfsg-1
[bullseye] - golang-golang-x-net <not-affected> (Vulnerable code not
present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29f7d181bd88e363de11541667af407043579f00
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29f7d181bd88e363de11541667af407043579f00
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
