[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.20

Wed, 06 Dec 2023 01:05:00 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed4e647b by Salvatore Bonaccorso at 2023-12-06T10:03:40+01:00
Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.20

Bump as well the tracked version for CVE-2023-45283 for the complete
fix version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2023-6508 (Use after free in Media Stream in Google 
Chrome prior to 120.0.60
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-39326 [net/http: limit chunked data overhead]
        - golang-1.21 <unfixed>
-       - golang-1.20 <unfixed>
+       - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
@@ -64,7 +64,7 @@ CVE-2023-39326 [net/http: limit chunked data overhead]
        NOTE: 
https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd 
(go1.20.12)
 CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to insecure git]
        - golang-1.21 <unfixed>
-       - golang-1.20 <unfixed>
+       - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
@@ -4567,7 +4567,7 @@ CVE-2023-45284 (On Windows, The IsLocal function does not 
correctly detect reser
        NOTE: No security impact for Debian packages, only affects code running 
on Windows
 CVE-2023-45283 (The filepath package does not recognize paths with a \??\ 
prefix as sp ...)
        - golang-1.21 1.21.4-1 (unimportant)
-       - golang-1.20 1.20.11-1 (unimportant)
+       - golang-1.20 1.20.12-1 (unimportant)
        - golang-1.19 <removed> (unimportant)
        - golang-1.15 <removed> (unimportant)
        - golang-1.11 <removed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4e647bcfe861389b13e0492c80a787d6ba7c3f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4e647bcfe861389b13e0492c80a787d6ba7c3f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to