Shengjing Zhu pushed to branch master at Debian Security Tracker / security-tracker
Commits: f18b018c by Shengjing Zhu at 2022-02-11T23:23:03+08:00 Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3776,7 +3776,15 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) - TODO: check + - golang-1.18 <unfixed> + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/50974 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-23804 @@ -3884,9 +3892,25 @@ CVE-2022-23775 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - TODO: check + - golang-1.18 <unfixed> + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/35671 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7) CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...) - TODO: check + - golang-1.18 1.18~beta2-1 + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/50699 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7) CVE-2022-23771 RESERVED CVE-2022-23770 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits