diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-01-21 21:59:33 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-01-21 21:59:33 +0100 |
commit | eead12083304c0be3bcb7b66b77edd0941ec674a (patch) | |
tree | 4359b10ab48303c2c11f3542c0a66238731d1ab5 /data | |
parent | 949dcd3e10dea7e0f94ac055a82c2ab7438dc2ee (diff) |
Reserve DLA-2892-1 for golang-1.7
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 2 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 3 |
3 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1bd994b93c..a28cfb159b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -20453,7 +20453,6 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go befor [buster] - golang-1.11 <no-dsa> (Minor issue) - golang-1.8 <removed> - golang-1.7 <removed> - [stretch] - golang-1.7 <no-dsa> (Minor issue; can be fixed with the next DLA) NOTE: https://github.com/golang/go/issues/48990 NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3) @@ -41271,7 +41270,6 @@ CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a [buster] - golang-1.11 <no-dsa> (Minor issue) - golang-1.8 <removed> - golang-1.7 <removed> - [stretch] - golang-1.7 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies) NOTE: https://github.com/golang/go/issues/46242 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI diff --git a/data/DLA/list b/data/DLA/list index 0e50636ad6..f956513fef 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[21 Jan 2022] DLA-2892-1 golang-1.7 - security update + {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717} + [stretch] - golang-1.7 1.7.4-2+deb9u4 [21 Jan 2022] DLA-2891-1 golang-1.8 - security update {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717} [stretch] - golang-1.8 1.8.1-1+deb9u4 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index ea284c947e..b24d69f9ec 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -50,9 +50,6 @@ gif2apng NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc) -- -golang-1.7 (Sylvain Beucler) - NOTE: 20220114: harmonize with bullseye-11.2 (CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717) (Beuc) --- gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) |