Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4a2c3a97 by Sylvain Beucler at 2025-02-17T17:04:39+01:00
dla: harmonize golang-1.* triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2691,7 +2691,7 @@ CVE-2025-22866 (Due to the usage of a variable time
instruction in the assembly
- golang-1.22 1.22.12-1
- golang-1.19 <removed>
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <ignored> (Minor issue)
+ [bullseye] - golang-1.15 <ignored> (powerpc not supported in LTS)
NOTE: https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
NOTE: https://github.com/golang/go/issues/71383
NOTE:
https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93
(go1.24rc3)
@@ -8315,7 +8315,7 @@ CVE-2024-45341 (A certificate with a URI which has a IPv6
address with a zone ID
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/71156
NOTE: Fixed by:
https://github.com/golang/go/commit/468fad45a27db0ec1fff4ae397d3670795b3f977
(go1.24rc2)
@@ -8329,7 +8329,7 @@ CVE-2024-45336 (The HTTP client drops sensitive headers
after following a cross-
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <postponed> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI
NOTE: https://go.dev/issue/70530
NOTE: Fixed by:
https://github.com/golang/go/commit/6b605505047416bbbf513bba1540220a8897f3f6
(go1.24rc2)
@@ -45101,7 +45101,7 @@ CVE-2024-34158 (Calling Parse on a "// +build" build
tag line with deeply nested
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69141
NOTE:
https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea
(go1.23.1)
@@ -45113,7 +45113,7 @@ CVE-2024-34156 (Calling Decoder.Decode on a message
which contains deeply nested
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69139
NOTE:
https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012
(go1.23.1)
@@ -45125,7 +45125,7 @@ CVE-2024-34155 (Calling any of the Parse functions on
Go source code which conta
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
- [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69138
NOTE:
https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3
(go1.23.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2c3a9794f011e55dbaca06109568dcba062bde
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a2c3a9794f011e55dbaca06109568dcba062bde
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
