Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5aa378b2 by Salvatore Bonaccorso at 2023-12-06T10:05:37+01:00 Track fixed version for CVE-2023-39326 and CVE-2023-45285 for golang-1.21 Bump as well the tracked version for CVE-2023-45283 for the complete fix version. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -54,7 +54,7 @@ CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 120.0.60 - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-39326 [net/http: limit chunked data overhead] - - golang-1.21 <unfixed> + - golang-1.21 1.21.5-1 - golang-1.20 1.20.12-1 - golang-1.19 <removed> - golang-1.15 <removed> @@ -63,7 +63,7 @@ CVE-2023-39326 [net/http: limit chunked data overhead] NOTE: https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5) NOTE: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12) CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to insecure git] - - golang-1.21 <unfixed> + - golang-1.21 1.21.5-1 - golang-1.20 1.20.12-1 - golang-1.19 <removed> - golang-1.15 <removed> @@ -4566,7 +4566,7 @@ CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reser NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11) NOTE: No security impact for Debian packages, only affects code running on Windows CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...) - - golang-1.21 1.21.4-1 (unimportant) + - golang-1.21 1.21.5-1 (unimportant) - golang-1.20 1.20.12-1 (unimportant) - golang-1.19 <removed> (unimportant) - golang-1.15 <removed> (unimportant) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa378b2932f3a7de1288077659d310e40a1bf6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa378b2932f3a7de1288077659d310e40a1bf6b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits