Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8629dcdf by Salvatore Bonaccorso at 2025-10-10T09:52:43+02:00
Track fixed version via unstable for various golang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,6 @@
CVE-2025-61724 [net/textproto: excessive CPU consumption in
Reader.ReadResponse]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
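Review bot: golang-1.23 is left at <unfixed> in the trailing context of this hunk while golang-1.25 and golang-1.24 gain fixed versions, and the same holds for every other entry in this commit. The NOTE lines for this CVE reference upstream commits for go1.25.2 and go1.24.8 only, so nothing on the entry says where a fix for the 1.23 source package would come from. If that package is expected to stay open, a short NOTE on the entry recording its status would save the next reader from re-checking each of the ten CVEs.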
@@ -9,8 +9,8 @@ CVE-2025-61724 [net/textproto: excessive CPU consumption in
Reader.ReadResponse]
NOTE:
https://github.com/golang/go/commit/5d7a787aa2b486f77537eeaed9c38c940a7182b8
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a
(go1.24.8)
CVE-2025-58183 [archive/tar: unbounded allocation when parsing GNU sparse map]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -19,8 +19,8 @@ CVE-2025-58183 [archive/tar: unbounded allocation when
parsing GNU sparse map]
NOTE:
https://github.com/golang/go/commit/2612dcfd3cb6dd73c76e14a24fe1a68e2708e4e3
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/613e746327381d820759ebea6ce722720b343556
(go1.24.8)
CVE-2025-58188 [crypto/x509: panic when validating certificates with DSA
public keys]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -29,8 +29,8 @@ CVE-2025-58188 [crypto/x509: panic when validating
certificates with DSA public
NOTE:
https://github.com/golang/go/commit/930ce220d052d632f0d84df5850c812a77b70175
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/f9f198ab05e3282cbf6b13251d47d9141981e401
(go1.24.8)
CVE-2025-58186 [net/http: lack of limit when parsing cookies can cause memory
exhaustion]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -39,8 +39,8 @@ CVE-2025-58186 [net/http: lack of limit when parsing cookies
can cause memory ex
NOTE:
https://github.com/golang/go/commit/100c5a66802b5a895b1d0e5ed3b7918f899c4833
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/c6b04dd33b0215f5deb83724661921842bf67607
(go1.24.8)
CVE-2025-58185 [encoding/asn1: pre-allocating memory when parsing DER payload
can cause memory exhaustion]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -49,8 +49,8 @@ CVE-2025-58185 [encoding/asn1: pre-allocating memory when
parsing DER payload ca
NOTE:
https://github.com/golang/go/commit/e0f655bf3f96410f90756f49532bc6a1851855ca
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1
(go1.24.8)
CVE-2025-47912 [net/url: insufficient validation of bracketed IPv6 hostnames]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -59,8 +59,8 @@ CVE-2025-47912 [net/url: insufficient validation of bracketed
IPv6 hostnames]
NOTE:
https://github.com/golang/go/commit/9fd3ac8a10272afd90312fef5d379de7d688a58e
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/d6d2f7bf76718f1db05461cd912ae5e30d7b77ea
(go1.24.8)
CVE-2025-61723 [encoding/pem: quadratic complexity when parsing some invalid
inputs]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -69,8 +69,8 @@ CVE-2025-61723 [encoding/pem: quadratic complexity when
parsing some invalid inp
NOTE:
https://github.com/golang/go/commit/90f72bd5001d0278949fab0b7a40f7d8c712979b
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/74d4d836b91318a8764b94bc2b4b66ff599eb5f2
(go1.24.8)
CVE-2025-58189 [crypto/tls: ALPN negotiation errors can contain arbitrary text]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -79,8 +79,8 @@ CVE-2025-58189 [crypto/tls: ALPN negotiation errors can
contain arbitrary text]
NOTE:
https://github.com/golang/go/commit/205d0865958a6d2342939f62dfeaf47508101976
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/2e1e356e33b9c792a9643749a7626a1789197bb9
(go1.24.8)
CVE-2025-58187 [crypto/x509: quadratic complexity when checking name
constraints]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
@@ -89,8 +89,8 @@ CVE-2025-58187 [crypto/x509: quadratic complexity when
checking name constraints
NOTE:
https://github.com/golang/go/commit/f0c69db15aae2eb10bddd8b6745dff5c2932e8f5
(go1.25.2)
NOTE:
https://github.com/golang/go/commit/f334417e71f8b078ad64035bddb6df7f8910da6c
(go1.24.8)
CVE-2025-61725 [net/mail: excessive CPU consumption in ParseAddress]
- - golang-1.25 <unfixed>
- - golang-1.24 <unfixed>
+ - golang-1.25 1.25.2-1
+ - golang-1.24 1.24.8-1
- golang-1.23 <unfixed>
- golang-1.19 <removed>
- golang-1.15 <removed>
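Review bot: the versions set for CVE-2025-61725 in this last hunk cannot be cross-checked from the diff itself, because the entry's NOTE lines fall outside the shown context. For the earlier entries the following hunk's leading context shows the upstream commits tagged (go1.25.2) and (go1.24.8), which matches 1.25.2-1 and 1.24.8-1. Please confirm that the CVE-2025-61725 entry carries the same two upstream references, and consider naming the affected CVE ids in the commit message, since "various golang issues" gives no way to search for this change by CVE.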
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8629dcdf9655345c0167b51c8a213e5887c31e49