Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df9666fa by Salvatore Bonaccorso at 2023-12-05T21:50:03+01:00
Add CVE-2023-45287/go
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -55,7 +55,18 @@ CVE-2023-45839 (Multiple data integrity vulnerabilities
exist in the package has
CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package
hash chec ...)
NOT-FOR-US: Buildroot
CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the
math/big libr ...)
- TODO: check
+ - golang-1.20 <not-affected> (Fixed before initial upload to Debian)
+ - golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue; intrusive backport)
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue; intrusive backport)
+ - golang-1.11 <removed>
+ NOTE: https://go.dev/issue/20654
+ NOTE: https://go.dev/cl/326012/26
+ NOTE: https://groups.google.com/g/golang-announce/c/QMK8IQALDvA
+ NOTE: https://people.redhat.com/~hkario/marvin/
+ NOTE: https://pkg.go.dev/vuln/GO-2023-2375
+ NOTE: Fixed by:
https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035
(go1.20rc1)
CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may
come on ...)
NOT-FOR-US: SoftIron HyperCloud
CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy
removal and r ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df9666faf698e187516900674e79da04e7c21fef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df9666faf698e187516900674e79da04e7c21fef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
