[Git][security-tracker-team/security-tracker][master] Tidy golang-1.11 buster triage

Fri, 01 Dec 2023 09:34:45 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bd72ab1c by Sylvain Beucler at 2023-12-01T18:32:44+01:00
Tidy golang-1.11 buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8315,7 +8315,7 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly 
creates requests and imm
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
-       [buster] - golang-1.11 <no-dsa> (Minor issue)
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/63417
 CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 
allowed ...)
        {DSA-5526-1}
@@ -9364,7 +9364,7 @@ CVE-2023-39323 (Line directives ("//line") can be used to 
bypass the restriction
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
-       [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://go.dev/issue/63211
        NOTE: https://go.dev/cl/533215
        NOTE: https://groups.google.com/g/golang-announce/c/XBa1oHDevAo
@@ -34450,7 +34450,7 @@ CVE-2023-39319 (The html/template package does not 
apply the proper rules for ha
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
-       [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://go.dev/issue/62197
        NOTE: 
https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a 
(go1.21.1)
        NOTE: 
https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 
(go1.20.8)
@@ -34463,7 +34463,7 @@ CVE-2023-39318 (The html/template package does not 
properly handle HTML-like ""
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
-       [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://go.dev/issue/62196
        NOTE: 
https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb 
(go1.21.1)
        NOTE: 
https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c 
(go1.20.8)
@@ -34475,7 +34475,7 @@ CVE-2023-29409 (Extremely large RSA keys in certificate 
chains can cause a clien
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <no-dsa> (Minor issue)
        - golang-1.11 <removed>
-       [buster] - golang-1.11 <postponed> (Limited support, follow bullseye 
DSAs/point-releases)
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI
 CVE-2023-29408 (The TIFF decoder does not place a limit on the size of 
compressed tile ...)
        - golang-golang-x-image 0.11.0-1 (bug #1043159)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd72ab1cce140396df6f5ea046b751ce399221f0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd72ab1cce140396df6f5ea046b751ce399221f0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to