summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Beucler <beuc@beuc.net>2022-01-21 21:59:33 +0100
committerSylvain Beucler <beuc@beuc.net>2022-01-21 21:59:33 +0100
commit896566d0efd9e15e65896f93f1e4e580caa5518e (patch)
treeb33bd478cc4d6b901c10016ad46d464afaffe57a
parentbc51ed8f4be2cf23a1e26093f4c9682a2ee3a5c4 (diff)
Reserve DLA-2892-1 for golang-1.7
-rw-r--r--data/CVE/list.20212
-rw-r--r--data/DLA/list3
-rw-r--r--data/dla-needed.txt3
3 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 37bb0955a2..cad05f4ffe 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -11698,7 +11698,6 @@ CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go befor
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
- [stretch] - golang-1.7 <no-dsa> (Minor issue; can be fixed with the next DLA)
NOTE: https://github.com/golang/go/issues/48990
NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)
@@ -32136,7 +32135,6 @@ CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
- golang-1.7 <removed>
- [stretch] - golang-1.7 <postponed> (Minor issue, OOM, requires rebuilding reverse-dependencies)
NOTE: https://github.com/golang/go/issues/46242
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
diff --git a/data/DLA/list b/data/DLA/list
index 0e50636ad6..f956513fef 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[21 Jan 2022] DLA-2892-1 golang-1.7 - security update
+ {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
+ [stretch] - golang-1.7 1.7.4-2+deb9u4
[21 Jan 2022] DLA-2891-1 golang-1.8 - security update
{CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
[stretch] - golang-1.8 1.8.1-1+deb9u4
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index ea284c947e..b24d69f9ec 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -50,9 +50,6 @@ gif2apng
NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc)
NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
--
-golang-1.7 (Sylvain Beucler)
- NOTE: 20220114: harmonize with bullseye-11.2 (CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717) (Beuc)
---
gpac (Roberto C. Sánchez)
NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto)
NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)

© 2014-2022 Faster IT GmbH | imprint | privacy policy