Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8da5dc1 by Salvatore Bonaccorso at 2023-09-07T08:12:50+02:00
Add initial tracking for golang-1.21 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20638,9 +20638,17 @@ CVE-2023-29411 (A CWE-306: Missing Authentication for
Critical Function vulnerab
NOT-FOR-US: Schneider
CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that
could al ...)
NOT-FOR-US: Schneider
+CVE-2023-39322 [crypto/tls: panic when processing post-handshake message on
QUIC connections]
+ - golang-1.21 1.21.1-1
+CVE-2023-39321 [crypto/tls: panic when processing post-handshake message on
QUIC connections]
+ - golang-1.21 1.21.1-1
+CVE-2023-39320 [cmd/go: go.mod toolchain directive allows arbitrary execution]
+ - golang-1.21 1.21.1-1
CVE-2023-39319 [html/template: improper handling of special tags within script
contexts]
+ - golang-1.21 1.21.1-1
- golang-1.20 1.20.8-1
CVE-2023-39318 [html/template: improper handling of HTML-like comments within
script contexts]
+ - golang-1.21 1.21.1-1
- golang-1.20 1.20.8-1
CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a
client/serv ...)
- golang-1.20 1.20.7-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da5dc19ec0cd21cd69701b273025a74184964f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8da5dc19ec0cd21cd69701b273025a74184964f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
