diff options
| author | Shengjing Zhu <zhsj@debian.org> | 2022-02-11 23:22:07 +0800 |
|---|---|---|
| committer | Shengjing Zhu <zhsj@debian.org> | 2022-02-11 23:23:03 +0800 |
| commit | 24b66d1170de720f320e4fb6b24e61288d09c4e7 (patch) | |
| tree | 4b838f9d59765426a3b56f05b27d61463da5fcbb /data | |
| parent | 0f0cf8f4d406cd49e1c2197ef3dd19ebdef90029 (diff) | |
Track fixed version for golang CVE-2022-23806 CVE-2022-23772 CVE-2022-23773 via unstable
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list.2022 | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 7d9bac8a1f..d22f7058e9 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -3095,7 +3095,15 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) - TODO: check + - golang-1.18 <unfixed> + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/50974 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-23804 @@ -3201,9 +3209,25 @@ CVE-2022-23775 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - TODO: check + - golang-1.18 <unfixed> + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/35671 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7) CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...) - TODO: check + - golang-1.18 1.18~beta2-1 + - golang-1.17 1.17.7-1 + - golang-1.15 <removed> + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/50699 + NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7) CVE-2022-23771 RESERVED CVE-2022-23770 |