[Git][security-tracker-team/security-tracker][master] Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable

[Shengjing Zhu (@zhsj)]

Shengjing Zhu pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f18b018c by Shengjing Zhu at 2022-02-11T23:23:03+08:00
Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via 
unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3776,7 +3776,15 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 
4.9 before 4.9.8 and 5.1 b
        NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 
(missing 2FA packages)
        NOTE: 2FA support is not packaged in Debian
 CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 
1.17.x bef ...)
-       TODO: check
+       - golang-1.18 <unfixed>
+       - golang-1.17 1.17.7-1
+       - golang-1.15 <removed>
+       - golang-1.11 <removed>
+       - golang-1.8 <removed>
+       - golang-1.7 <removed>
+       NOTE: https://github.com/golang/go/issues/50974
+       NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+       NOTE: 
https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 
(go1.17.7)
 CVE-2022-23805 (A security out-of-bounds read information disclosure 
vulnerability in  ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-23804
@@ -3884,9 +3892,25 @@ CVE-2022-23775
 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to 
move arbitr ...)
        NOT-FOR-US: Docker Desktop
 CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can 
misinterpret  ...)
-       TODO: check
+       - golang-1.18 <unfixed>
+       - golang-1.17 1.17.7-1
+       - golang-1.15 <removed>
+       - golang-1.11 <removed>
+       - golang-1.8 <removed>
+       - golang-1.7 <removed>
+       NOTE: https://github.com/golang/go/issues/35671
+       NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+       NOTE: 
https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 
(go1.17.7)
 CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x 
before 1.17. ...)
-       TODO: check
+       - golang-1.18 1.18~beta2-1
+       - golang-1.17 1.17.7-1
+       - golang-1.15 <removed>
+       - golang-1.11 <removed>
+       - golang-1.8 <removed>
+       - golang-1.7 <removed>
+       NOTE: https://github.com/golang/go/issues/50699
+       NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+       NOTE: 
https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a 
(go1.17.7)
 CVE-2022-23771
        RESERVED
 CVE-2022-23770



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18b018cfdc51a2ae9861ebfcc2ce30f29749100
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits