Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bc45273 by Ola Lundqvist at 2023-06-18T21:46:34+02:00
Marked golang-1.11 CVEs as no-dsa for buster following bullseye.

- - - - -
22287c80 by Ola Lundqvist at 2023-06-18T21:49:11+02:00
Marked golang-1.11 CVE-29403 as no-dsa in buster due to limited support.

- - - - -
b6da7d0e by Ola Lundqvist at 2023-06-18T21:51:30+02:00
Marked golang-1.11 CVEs as postponed due to limited support.

- - - - -
077def48 by Ola Lundqvist at 2023-06-18T22:00:40+02:00
Marked node-matrix-js-sdk as postponed for buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9601,6 +9601,7 @@ CVE-2023-29405 (The go command may execute arbitrary code 
at build time when usi
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
        NOTE: https://github.com/golang/go/issues/60306
        NOTE: 
https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 
(go1.20.5)
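Review bot: the added `[buster] - golang-1.11 <postponed> (Limited support)` line gives this CVE a different state from the `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` line a few lines above it, and the entry does not say why. If a later golang-1.11 upload for buster is meant to pick this fix up, postponed fits; if the point is that the package only has limited support, the reason reads more like a no-dsa justification. A one-line NOTE stating which of the two is intended would make the entry self-explanatory.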
@@ -9614,6 +9615,7 @@ CVE-2023-29404 (The go command may execute arbitrary code 
at build time when usi
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
        NOTE: https://github.com/golang/go/issues/60305
        NOTE: 
https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 
(go1.20.5)
@@ -9624,6 +9626,7 @@ CVE-2023-29403 (On Unix platforms, the Go runtime does 
not behave differently wh
        - golang-1.19 1.19.10-2
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
        NOTE: https://github.com/golang/go/issues/60272
        NOTE: 
https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 
(go1.20.5)
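Review bot: the added `[buster] - golang-1.11 <no-dsa> (Limited support)` line uses the same reason as the buster lines for CVE-2023-29405, CVE-2023-29404 and CVE-2023-29402 in this push, but those three are `<postponed>` and this one is `<no-dsa>`. The separate commit message shows the split is deliberate, yet nothing in the entry records what makes this CVE different. Consider a reason text that distinguishes it, or a NOTE explaining why this one will not be fixed later while the others may be.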
@@ -9634,6 +9637,7 @@ CVE-2023-29402 (The go command may generate unexpected 
code at build time when u
        - golang-1.19 1.19.10-2
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Limited support)
        NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
        NOTE: https://github.com/golang/go/issues/60167
        NOTE: 
https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 
(go1.20.5)
@@ -9651,6 +9655,7 @@ CVE-2023-29400 (Templates containing actions in unquoted 
HTML attributes (e.g. "
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
        NOTE: https://github.com/golang/go/issues/59722
        NOTE: 
https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 
(go1.19.9)
@@ -24585,6 +24590,7 @@ CVE-2023-24540 (Not all valid JavaScript whitespace 
characters are considered to
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
        NOTE: https://github.com/golang/go/issues/59721
        NOTE: 
https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 
(go1.19.9)
@@ -24597,6 +24603,7 @@ CVE-2023-24539 (Angle brackets (<>) are not considered 
dangerous characters when
        [bullseye] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
        NOTE: https://github.com/golang/go/issues/59720
        NOTE: 
https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 
(go1.19.9)
@@ -61025,16 +61032,19 @@ CVE-2022-39252 (matrix-rust-sdk is an implementation 
of a Matrix client-server l
        NOT-FOR-US: matrix-rust-sdk
 CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for 
JavaScript.  ...)
        - node-matrix-js-sdk <unfixed> (bug #1021136)
+       [buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
        NOTE: 
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
 CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software 
development ...)
        - node-matrix-js-sdk <unfixed> (bug #1021136)
+       [buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
        NOTE: 
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
 CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for 
JavaScript.  ...)
        - node-matrix-js-sdk <unfixed> (bug #1021136)
+       [buster] - node-matrix-js-sdk <postponed> (Can wait for next update)
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
        NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
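Review bot: the three added `[buster] - node-matrix-js-sdk <postponed> (Can wait for next update)` lines carry no rationale. The package line above each is still `<unfixed> (bug #1021136)`, and for CVE-2022-39251 and CVE-2022-39250 the upstream NOTE URL is titled "upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients". A short NOTE on why the fix can wait in buster would help whoever picks up the next update.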
@@ -61075,6 +61085,7 @@ CVE-2022-39237 (syslabs/sif is the Singularity Image 
Format (SIF) reference impl
        NOTE: 
https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 
(v2.8.1)
 CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for 
JavaScript.  ...)
        - node-matrix-js-sdk <unfixed> (bug #1021136)
+       [buster] - node-matrix-js-sdk <postponed> (Minor issue)
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
        NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
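Review bot: the added line for CVE-2022-39236 gives `(Minor issue)` as the reason, while the other three node-matrix-js-sdk entries in this push use `(Can wait for next update)`, and all four reference the same upstream commit a587d7c36026fe1fcf93dfff63588abee359be76. If one upload will address them together, using the same reason on all four would be clearer. If this one is judged less severe than the others, keep the distinction but say so in a NOTE.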



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00d9ac0a31fd26db3ef729e75113317349fa51dd...077def48d552c9589362dbc35fd97d8679d74065
