Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9bd7fa95 by Salvatore Bonaccorso at 2026-03-07T10:46:45+01:00
Track fixed version for golang-1.26 issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -350,7 +350,7 @@ CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary
file upload vulnerabilit
CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection
vulnerabili ...)
NOT-FOR-US: Warranty Tracking System
CVE-2026-27139 (On Unix platforms, when listing the contents of a directory
using File ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -359,7 +359,7 @@ CVE-2026-27139 (On Unix platforms, when listing the
contents of a directory usin
NOTE: Fixed by:
https://github.com/golang/go/commit/8cce3ab20c49a5c3c9fa8e97ad47335c3ccd2620
(go1.26.1)
NOTE: Fixed by:
https://github.com/golang/go/commit/4091800393d254befde3770fd16f51200ebd5a3d
(go1.25.8)
CVE-2026-25679 (url.Parse insufficiently validated the host/authority
component and ac ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -368,7 +368,7 @@ CVE-2026-25679 (url.Parse insufficiently validated the
host/authority component
NOTE: Fixed by:
https://github.com/golang/go/commit/65c7d7a9fb3a9d1fbf1e702a211b8cc3a7bedb53
(go1.26.1)
NOTE: fixed by:
https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803
(go1.25.8)
CVE-2026-27142 (Actions which insert URLs into the content attribute of HTML
meta tags ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
- golang-1.19 <removed>
@@ -377,7 +377,7 @@ CVE-2026-27142 (Actions which insert URLs into the content
attribute of HTML met
NOTE: Fixed by:
https://github.com/golang/go/commit/994692847a2cd3efd319f0cb61a07c0012c8a4ff
(go1.26.1)
NOTE: Fixed by:
https://github.com/golang/go/commit/a9db31e6d9f280418ce441067f3f9dc0a036e770
(go1.25.8)
CVE-2026-27138 (Certificate verification can panic when a certificate in the
chain has ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
- golang-1.19 <not-affected> (Vulnerable code not present)
@@ -385,7 +385,7 @@ CVE-2026-27138 (Certificate verification can panic when a
certificate in the cha
NOTE: https://github.com/golang/go/issues/77953
NOTE: Fixed by:
https://github.com/golang/go/commit/e792d6aa952dbfdd3e8eac6f7abc3efd9df09030
(go1.26.1)
CVE-2026-27137 (When verifying a certificate chain which contains a
certificate contai ...)
- - golang-1.26 <unfixed>
+ - golang-1.26 1.26.1-1
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
- golang-1.19 <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd7fa953cd63b0881a6ec6391ab2a4e833e8f7f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd7fa953cd63b0881a6ec6391ab2a4e833e8f7f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
