author Salvatore Bonaccorso <carnil@debian.org> 2021-02-28 13:25:47 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-02-28 13:25:47 +0100
commit bdc35d4e11dd7e30334169b7d9b0882557d038d5
tree 636dd88f825419214ef871bb4474646c5d77640b /data/CVE/list.2020
parent 44804e917a30c695636539a8584a5deaacaa6031
Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2
Diffstat (limited to 'data/CVE/list.2020')
-rw-r--r-- data/CVE/list.2020 13
1 files changed, 7 insertions, 6 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index c83326395a..26c6d05766 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -3198,12 +3198,13 @@ CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does no
NOTE: https://github.com/golang/go/issues/43168
NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...)
- - golang-1.15 <unfixed>
- - golang-1.11 <removed>
- - golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
- - golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+ - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
+ - golang-1.15 <unfixed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
+ - golang-1.8 <removed> (unimportant)
+ - golang-1.7 <removed> (unimportant)
+ NOTE: Golang upstream does not consider the issue to be fixable in Go, instread
+ NOTE: shifts responsibility to saml packages.
NOTE: https://github.com/golang/go/issues/43168
NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
NOTE: https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
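
Review bot: The first added NOTE line misspells "instead" as "instread", and the two-line note reads more cleanly as "Golang upstream does not consider the issue to be fixable in Go and instead shifts responsibility to saml packages." Separately, the removed [stretch] <ignored> lines said the saml packages are ones "we don't ship", while the new entry tracks golang-github-russellhaering-gosaml2 as <itp> (bug #948190); a short remark in the NOTE that the (unimportant) tag on the golang-* entries follows from the fix living in the SAML libraries would keep that rationale visible once the per-release lines are gone.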
