[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.21

Wed, 06 Dec 2023 01:06:45 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5aa378b2 by Salvatore Bonaccorso at 2023-12-06T10:05:37+01:00
Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.21

Bump as well the tracked version for CVE-2023-45283 for the complete
fix version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,7 +54,7 @@ CVE-2023-6508 (Use after free in Media Stream in Google 
Chrome prior to 120.0.60
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-39326 [net/http: limit chunked data overhead]
-       - golang-1.21 <unfixed>
+       - golang-1.21 1.21.5-1
        - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
        - golang-1.15 <removed>
@@ -63,7 +63,7 @@ CVE-2023-39326 [net/http: limit chunked data overhead]
        NOTE: 
https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 
(go1.21.5)
        NOTE: 
https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd 
(go1.20.12)
 CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to insecure git]
-       - golang-1.21 <unfixed>
+       - golang-1.21 1.21.5-1
        - golang-1.20 1.20.12-1
        - golang-1.19 <removed>
        - golang-1.15 <removed>
@@ -4566,7 +4566,7 @@ CVE-2023-45284 (On Windows, The IsLocal function does not 
correctly detect reser
        NOTE: 
https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae 
(go1.20.11)
        NOTE: No security impact for Debian packages, only affects code running 
on Windows
 CVE-2023-45283 (The filepath package does not recognize paths with a \??\ 
prefix as sp ...)
-       - golang-1.21 1.21.4-1 (unimportant)
+       - golang-1.21 1.21.5-1 (unimportant)
        - golang-1.20 1.20.12-1 (unimportant)
        - golang-1.19 <removed> (unimportant)
        - golang-1.15 <removed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa378b2932f3a7de1288077659d310e40a1bf6b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa378b2932f3a7de1288077659d310e40a1bf6b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to