golang-1.11: drop fix for CVE-2022-23772

Sylvain Beucler (@beuc) Wed, 19 Apr 2023 14:43:56 -0700


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a84b20b by Sylvain Beucler at 2023-04-19T23:43:24+02:00
DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -100204,12 +100204,13 @@ CVE-2022-23773 (cmd/go in Go before 1.16.14 and 
1.17.x before 1.17.7 can misinte
        NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
        NOTE: 
https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 
(go1.17.7)
 CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x 
before 1.17. ...)
-       {DLA-3395-1 DLA-2986-1 DLA-2985-1}
+       {DLA-2986-1 DLA-2985-1}
        - golang-1.18 1.18~beta2-1
        - golang-1.17 1.17.7-1
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 1.15.15-1~deb11u3
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <ignored> (Limited support, minor issue, DoS, 
code is different, importing Rat.SetString from 1.16 causes arm64-specific test 
suite failures)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        NOTE: https://github.com/golang/go/issues/50699


=====================================
data/DLA/list
=====================================
@@ -1,6 +1,6 @@
 [19 Apr 2023] DLA-3395-1 golang-1.11 - security update
-       {CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297 
CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23772 
CVE-2022-23806 CVE-2022-24921}
-       [buster] - golang-1.11 1.11.6-1+deb10u5
+       {CVE-2020-28367 CVE-2021-33196 CVE-2021-36221 CVE-2021-38297 
CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717 CVE-2022-23806 
CVE-2022-24921}
+       [buster] - golang-1.11 1.11.6-1+deb10u6
 [19 Apr 2023] DLA-3394-1 asterisk - security update
        {CVE-2023-27585}
        [buster] - asterisk 1:16.28.0~dfsg-0+deb10u3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a84b20b20bcc3488f2ba8348eafa0ebf3940b81

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a84b20b20bcc3488f2ba8348eafa0ebf3940b81
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] DLA-3395-1/golang-1.11: drop fix for CVE-2022-23772

Reply via email to