[Git][security-tracker-team/security-tracker][master] Add new golang-go.crypto issues

Salvatore Bonaccorso (@carnil) Fri, 22 May 2026 11:31:59 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c2d4fe64 by Salvatore Bonaccorso at 2026-05-22T20:31:27+02:00
Add new golang-go.crypto issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,35 +119,61 @@ CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to 
modify their own user_
 CVE-2026-47101 (LiteLLM prior to 1.83.14 allows an authenticated internal_user 
to crea ...)
        NOT-FOR-US: LiteLLM
 CVE-2026-46598 (For certain crafted inputs, a 'ed25519.PrivateKey' was created 
by cast ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79596
 CVE-2026-46597 (An incorrectly placed cast from bytes to int allowed for 
server-side p ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79561
 CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for 
misused s ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79570
 CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE 
MU5250. Due ...)
        NOT-FOR-US: ZTE
 CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not 
correct ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79568
 CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected 
Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39835 (SSH servers which use CertChecker as a public key callback 
without set ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79563
 CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an 
SSH cha ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79567
 CVE-2026-39833 (The in-memory keyring returned by NewKeyring() silently 
accepted keys  ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79436
 CVE-2026-39832 (When adding a key to a remote agent constraint extensions such 
as rest ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79435
 CVE-2026-39831 (The Verify() method for FIDO/U2F security key types 
(sk-ecdsa-sha2-nis ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79566
 CVE-2026-39830 (A malicious SSH peer could send unsolicited global request 
responses t ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79564
 CVE-2026-39829 (The RSA and DSA public key parsers did not enforce size limits 
on key  ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79565
 CVE-2026-39828 (When an SSH server authentication callback returned 
PartialSuccessErro ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/79562
 CVE-2026-39827 (An authenticated SSH client that repeatedly opened channels 
which were ...)
-       TODO: check
+       - golang-go.crypto <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
+       NOTE: https://github.com/golang/go/issues/35127
 CVE-2026-34911 (A malicious actor with access to the network and low 
privileges could  ...)
        TODO: check
 CVE-2026-34910 (A malicious actor with access to the network could exploit an 
Improper ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d4fe64bcfa1c5473ddef0376ea80005a714f40

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d4fe64bcfa1c5473ddef0376ea80005a714f40
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add new golang-go.crypto issues

Reply via email to