[Git][security-tracker-team/security-tracker][master] Marked golang-golang-x-net-dev CVE-2022-41717 and CVE-2022-27664 as postponed.

Ola Lundqvist (@opal) Sun, 18 Jun 2023 12:42:41 -0700


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
00d9ac0a by Ola Lundqvist at 2023-06-18T21:41:44+02:00
Marked golang-golang-x-net-dev CVE-2022-41717 and CVE-2022-27664 as postponed.

Following the decision for golang-1.11 package.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54866,6 +54866,7 @@ CVE-2022-41717 (An attacker can cause excessive memory 
growth in a Go server acc
        [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
        - golang-golang-x-net 1:0.4.0+dfsg-1
        - golang-golang-x-net-dev <removed>
+       [buster] - golang-golang-x-net-dev <postponed> (Limited support, follow 
bullseye DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
        NOTE: https://go.dev/issue/56350
        NOTE: 
https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 
(go1.19.4)
@@ -94168,6 +94169,7 @@ CVE-2022-27664 (In net/http in Go before 1.18.6 and 
1.19.x before 1.19.1, attack
        [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        - golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1
        - golang-golang-x-net-dev <removed>
+       [buster] - golang-golang-x-net-dev <postponed> (Limited support, follow 
bullseye DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
        NOTE: https://github.com/golang/go/issues/54658
        NOTE: 
https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 
(go1.19.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00d9ac0a31fd26db3ef729e75113317349fa51dd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00d9ac0a31fd26db3ef729e75113317349fa51dd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Marked golang-golang-x-net-dev CVE-2022-41717 and CVE-2022-27664 as postponed.

Reply via email to