[Git][security-tracker-team/security-tracker][master] Marked CVEs for golang-1.11 as postponed with limited support.

[Ola Lundqvist (@opal)]

Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ba3d969f by Ola Lundqvist at 2024-03-06T20:45:06+01:00
Marked CVEs for golang-1.11 as postponed with limited support.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225,6 +225,7 @@ CVE-2024-24785 (If errors returned from MarshalJSON methods 
contain user control
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/65697
        NOTE: 
https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 
(go1.22.1)
        NOTE: 
https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e 
(go1.21.8)
@@ -234,6 +235,7 @@ CVE-2024-24784 (The ParseAddressList function incorrectly 
handles comments (text
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/65083
        NOTE: 
https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c 
(go1.22.1)
        NOTE: 
https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 
(go1.21.8)
@@ -243,6 +245,7 @@ CVE-2024-24783 (Verifying a certificate chain which 
contains a certificate with
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/65390
        NOTE: 
https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f 
(go1.22.1)
        NOTE: 
https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 
(go1.21.8)
@@ -257,6 +260,7 @@ CVE-2023-45290 (When parsing a multipart form (either 
explicitly with Request.Pa
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/65383
        NOTE: 
https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 
(go1.22.1)
        NOTE: 
https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 
(go1.21.8)
@@ -266,6 +270,7 @@ CVE-2023-45289 (When following an HTTP redirect to a domain 
which is not a subdo
        - golang-1.19 <removed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support, minor issue, 
follow bullseye DSAs/point-releases)
        NOTE: https://github.com/golang/go/issues/65065
        NOTE: 
https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be 
(go1.22.1)
        NOTE: 
https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 
(go1.21.8)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba3d969f7990add7ae54e9dec101c27dd55357c9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba3d969f7990add7ae54e9dec101c27dd55357c9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits