Add CVE-2020-14040/golang-x-text

Question to reviewers: Why are there actually both source packages? Should one be dropped in Debian?
author: Salvatore Bonaccorso <carnil@debian.org> 2020-07-04 08:58:34 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-07-04 08:58:34 +0200
commit: ee6d7ac941017a956512777abfbe588e9060aebc (patch)
tree: d30ccd4cf23aa9856e6e39284516c514787c5273 /data
parent: b0e619b456bc81f11fcdc8ca8394bdf3b4307afa (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 935b20ae26..fc1afcb8d1 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3542,7 +3542,11 @@ CVE-2020-14042
 CVE-2020-14041
 	RESERVED
 CVE-2020-14040 (Go version v0.3.3 of the x/text package fixes a vulnerability in encod ...)
-	TODO: check
+	- golang-golang-x-text <unfixed>
+	- golang-x-text <unfixed>
+	NOTE: https://github.com/golang/go/issues/39491
+	NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
+	NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
 CVE-2020-14039
 	RESERVED
 CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public posts]
author	Salvatore Bonaccorso <carnil@debian.org>	2020-07-04 08:58:34 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-07-04 08:58:34 +0200
commit	ee6d7ac941017a956512777abfbe588e9060aebc (patch)
tree	d30ccd4cf23aa9856e6e39284516c514787c5273 /data
parent	b0e619b456bc81f11fcdc8ca8394bdf3b4307afa (diff)