[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2025-6172{7,9}/golang-1.15 as postponed for bullseye

Sun, 07 Dec 2025 06:18:20 -0800 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48692215 by Utkarsh Gupta at 2025-12-07T19:41:19+05:30
Mark CVE-2025-6172{7,9}/golang-1.15 as postponed for bullseye

- - - - -
4c327c79 by Utkarsh Gupta at 2025-12-07T19:47:49+05:30
Mark CVE-2025-65637/golang-logrus as postponed for bullseye

Rebuilding 70+ rev-deps isn't worth the effort

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -633,6 +633,7 @@ CVE-2025-65806 (The E-POINT CMS eagle.gsam-1169.1 file 
upload feature improperly
        NOT-FOR-US: E-POINT CMS
 CVE-2025-65637 (A denial-of-service vulnerability exists in 
github.com/sirupsen/logrus ...)
        - golang-logrus 1.9.3-1
+       [bullseye] - golang-logrus <postponed> (Limited support, can be fixed 
later - not serious enough to require an immediate update)
        NOTE: https://github.com/mjuanxd/logrus-dos-poc
        NOTE: https://github.com/sirupsen/logrus/issues/1370
        NOTE: https://github.com/sirupsen/logrus/pull/1384
@@ -1360,6 +1361,7 @@ CVE-2025-61727 (An excluded subdomain constraint in a 
certificate chain does not
        - golang-1.19 <removed>
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, 
follow bookworm DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
        NOTE: https://github.com/golang/go/issues/76442
        NOTE: Fixed by: 
https://github.com/golang/go/commit/287017acebd27203aa3218abbd11ed65c2280cf8 
(go1.25.5)
@@ -1370,6 +1372,7 @@ CVE-2025-61729 (Within HostnameError.Error(), when 
constructing an error string,
        - golang-1.19 <removed>
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
+       [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, 
follow bookworm DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
        NOTE: https://go-review.googlesource.com/c/go/+/725920
        NOTE: https://github.com/golang/go/issues/76445



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/704c9455a3d8a0eb6bc4b2d793647aa310134c66...4c327c7955975842bc54fa5c8e536509e96fc3a4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/704c9455a3d8a0eb6bc4b2d793647aa310134c66...4c327c7955975842bc54fa5c8e536509e96fc3a4
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to