Shengjing Zhu pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f7b850d8 by Shengjing Zhu at 2022-02-18T01:48:47+08:00
Track fixed version for golang-1.18 CVE-2022-23806 CVE-2022-23773 via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4819,7 +4819,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9
before 4.9.8 and 5.1 b
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3
(missing 2FA packages)
NOTE: 2FA support is not packaged in Debian
CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and
1.17.x bef ...)
- - golang-1.18 <unfixed>
+ - golang-1.18 1.18~rc1-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
@@ -4937,7 +4937,7 @@ CVE-2022-23775
CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to
move arbitr ...)
NOT-FOR-US: Docker Desktop
CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can
misinterpret ...)
- - golang-1.18 <unfixed>
+ - golang-1.18 1.18~rc1-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
[bullseye] - golang-1.15 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b850d8d62ef388c8d1da4148174d1e1d5106c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b850d8d62ef388c8d1da4148174d1e1d5106c0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
