Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
797d8c76 by Salvatore Bonaccorso at 2026-01-29T05:49:51+01:00
Track fix in 1.24 release branch for CVE-2025-68119
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4865,7 +4865,7 @@ CVE-2025-68119 (Downloading and building modules with
malicious version strings
NOTE: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
NOTE: https://github.com/golang/go/issues/77099
NOTE: Fixed by:
https://github.com/golang/go/commit/082365aa552a7e2186f79110d5311dce70749cc0
(go1.25.6)
- TODO: check, might only affect 1.25 and above
+ NOTE: Fixed by:
https://github.com/golang/go/commit/73fe85f0ea1bf2cec8e9a89bf5645de06ecaa0a6
(release-branch.go1.24)
CVE-2025-61731 (Building a malicious file with cmd/go can cause can cause a
write to a ...)
- golang-1.25 1.25.6-1 (bug #1125916)
- golang-1.24 1.24.12-1 (bug #1125917)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797d8c7608a13a4e3196167e27c0b3ce9e9dec1b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/797d8c7608a13a4e3196167e27c0b3ce9e9dec1b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
