Hi Tobias, On Fri, Dec 14, 2018 at 10:44:35PM +0100, Dr. Tobias Quathamer wrote: > Hi, > > the recent uploads of golang-1.10 (version 1.10.6-1) and golang-1.11 > (version 1.11.3-1) include the fixes for the CVEs assigned to those > packages, namely: > > CVE-2018-16875 > CVE-2018-16874 > CVE-2018-16873 > > Unfortunately, those CVS numbers have not been included in d/changelog, > so the automatic sync didn't happen. Could you please adjust the fixed > versions in security-tracker.d.o? Thanks!
Thanks for the heads-up! There is actually never an automatic sync, as we double check such updates (but a CVE reference in changelog helps/gives hints). I have now updated the tracker entries, and should show the fixed versions soon. Regards, Salvatore
