Matthias Geerdsen pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
436686fa by Matthias Geerdsen at 2024-07-05T23:02:32+02:00
CVE-2024-6257 (golang-github-hashicorp-go-getter): add bug#
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1734,7 +1734,7 @@ CVE-2024-6300 (Incomplete cleanup when performing
redactions in Conduit, allowin
CVE-2024-6299 (Lack of consideration of key expiry when validating signatures
in Cond ...)
NOT-FOR-US: Conduit
CVE-2024-6257 (HashiCorp\u2019s go-getter library can be coerced into
executing Git u ...)
- - golang-github-hashicorp-go-getter <unfixed>
+ - golang-github-hashicorp-go-getter <unfixed> (bug #1075823)
[bookworm] - golang-github-hashicorp-go-getter <no-dsa> (Minor issue)
[bullseye] - golang-github-hashicorp-go-getter <no-dsa> (Minor issue)
NOTE:
https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/436686faca1c47e9f0a25312210e80bebedf37b9
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/436686faca1c47e9f0a25312210e80bebedf37b9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
