Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
feca76f4 by Salvatore Bonaccorso at 2026-05-30T09:04:22+02:00
Add CVE-2026-42503/gopls
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16523,7 +16523,11 @@ CVE-2026-43646 (Exposure of Sensitive Information to
an Unauthorized Actor vulne
CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42503 (gopls by default communicates via pipe. However, -port and
-listen fla ...)
- TODO: check
+ - gopls <unfixed>
+ NOTE: https://github.com/golang/go/issues/79211
+ NOTE: https://go-review.googlesource.com/c/tools/+/774381/
+ NOTE: Fixed by:
https://github.com/golang/tools/commit/90abdab4cf0af205d3d2212c73526b58c97d0bf6
(gopls/v0.22.0-pre.2)
+ TODO: check impact on golang-golang-x-tools
CVE-2026-41938 (Vvveb before version 1.0.8.2 contains an unrestricted file
upload vuln ...)
NOT-FOR-US: Vvveb CMS
CVE-2026-41936 (Vvveb before version 1.0.8.2 contains an XML external entity
(XXE) inj ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feca76f492da28337b609bb9ef31848c343defce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feca76f492da28337b609bb9ef31848c343defce
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
