[Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.24 issues fixed via unstable

Mon, 16 Jun 2025 21:47:19 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca6564df by Salvatore Bonaccorso at 2025-06-17T06:46:42+02:00
Track fixed version for golang-1.24 issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3098,7 +3098,7 @@ CVE-2025-27445 (A path traversal vulnerability in 
RSFirewall component 2.9.7 - 3
 CVE-2025-0691 (Improper access control in permissions component in Devolutions 
Server ...)
        NOT-FOR-US: Devolutions
 CVE-2025-22874 (Calling Verify with a VerifyOptions.KeyUsages that contains 
ExtKeyUsag ...)
-       - golang-1.24 <unfixed> (bug #1107364)
+       - golang-1.24 1.24.4-1 (bug #1107364)
        - golang-1.23 <not-affected> (Vulnerable code not present)
        - golang-1.19 <not-affected> (Vulnerable code not present)
        - golang-1.15 <not-affected> (Vulnerable code not present)
@@ -3114,7 +3114,7 @@ CVE-2025-0913 (os.OpenFile(path, os.O_CREATE|O_EXCL) 
behaved differently on Unix
        NOTE: Fixed by: 
https://github.com/golang/go/commit/9f9cf28f8fe67e6c17123cae2d89f116504f2be1 
(go1.24.4)
        NOTE: Fixed by: 
https://github.com/golang/go/commit/c2c89d95516d2a6b51aa1766ed5f76e542ab282c 
(go1.23.10)
 CVE-2025-4673 (Proxy-Authorization and Proxy-Authenticate headers persisted on 
cross- ...)
-       - golang-1.24 <unfixed> (bug #1107364)
+       - golang-1.24 1.24.4-1 (bug #1107364)
        - golang-1.23 1.23.10-1 (bug #1107390)
        - golang-1.19 <removed>
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
@@ -12041,7 +12041,7 @@ CVE-2024-45554 (Memory corruption during concurrent SSR 
execution due to race co
 CVE-2023-33770 (Real Estate Management System v1.0 was discovered to contain a 
SQL inj ...)
        NOT-FOR-US: Real Estate Management System
 CVE-2025-22873
-       - golang-1.24 <unfixed> (bug #1104816)
+       - golang-1.24 1.24.4-1 (bug #1104816)
        - golang-1.23 <not-affected> (Vulnerable code only present in 1.24.x 
releases)
        - golang-1.19 <not-affected> (Vulnerable code only present in 1.24.x 
releases)
        - golang-1.15 <not-affected> (Vulnerable code only present in 1.24.x 
releases)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6564df1db0ee3b4d8de0b48bdff787c37cd10f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6564df1db0ee3b4d8de0b48bdff787c37cd10f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to