Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eead1208 by Sylvain Beucler at 2022-01-21T21:59:33+01:00
Reserve DLA-2892-1 for golang-1.7

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -20453,7 +20453,6 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for 
Open or OpenFat) in Go befor
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
-       [stretch] - golang-1.7 <no-dsa> (Minor issue; can be fixed with the 
next DLA)
        NOTE: https://github.com/golang/go/issues/48990
        NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
        NOTE: 
https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b 
(go1.17.3)
@@ -41271,7 +41270,6 @@ CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 
1.16.x before 1.16.5, a
        [buster] - golang-1.11 <no-dsa> (Minor issue)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
-       [stretch] - golang-1.7 <postponed> (Minor issue, OOM, requires 
rebuilding reverse-dependencies)
        NOTE: https://github.com/golang/go/issues/46242
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
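
Review bot: the removed "[stretch] - golang-1.7 <postponed>" line for CVE-2021-33196 gave "requires rebuilding reverse-dependencies" as part of its reason, and nothing else visible in this commit records whether that rebuild is planned or done now that the CVE is listed under DLA-2892-1. Suggest keeping that constraint as a NOTE under the CVE entry, or stating the rebuild status in the DLA follow-up, so it is not lost along with the annotation.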


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jan 2022] DLA-2892-1 golang-1.7 - security update
+       {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 
CVE-2021-44716 CVE-2021-44717}
+       [stretch] - golang-1.7 1.7.4-2+deb9u4
 [21 Jan 2022] DLA-2891-1 golang-1.8 - security update
        {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 
CVE-2021-44716 CVE-2021-44717}
        [stretch] - golang-1.8 1.8.1-1+deb9u4
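
Review bot: the new DLA-2892-1 entry lists six CVEs, but the data/CVE/list hunks in this commit drop a [stretch] golang-1.7 annotation for only two of them (CVE-2021-41771 and CVE-2021-33196). Worth confirming that CVE-2021-36221, CVE-2021-39293, CVE-2021-44716 and CVE-2021-44717 carry no leftover "[stretch] - golang-1.7" <no-dsa> or <postponed> line that would contradict the fixed version 1.7.4-2+deb9u4 recorded here.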


=====================================
data/dla-needed.txt
=====================================
@@ -50,9 +50,6 @@ gif2apng
   NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate 
with Debian QA to write our own patches (Beuc)
   NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
 --
-golang-1.7 (Sylvain Beucler)
-  NOTE: 20220114: harmonize with bullseye-11.2 (CVE-2021-36221 CVE-2021-39293 
CVE-2021-41771 CVE-2021-44716 CVE-2021-44717) (Beuc)
---
 gpac (Roberto C. Sánchez)
   NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster 
versions match (roberto)
   NOTE: 20211120: received OK from secteam for buster update, working on 
stretch/buster in parallel (roberto)
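
Review bot: the removed golang-1.7 NOTE names five CVEs, while the DLA-2892-1 entry in data/DLA/list covers six; CVE-2021-33196 is the one not mentioned in the note. The commit message only says "Reserve DLA-2892-1 for golang-1.7", so a line there stating that the previously postponed CVE-2021-33196 is included would make the change in scope visible in the history.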



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eead12083304c0be3bcb7b66b77edd0941ec674a
