diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-28 13:25:47 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-28 13:25:47 +0100 |
commit | 014459cc50cd063b7bbdf0db6861dc20c967a493 (patch) | |
tree | 4f279b3ff56e95caaca87a0fe9899c97f7176aa1 /data/CVE/2020.list | |
parent | 754ca004defb2e0f2bb418e88155e70b7ba2f6cc (diff) |
Update information for CVE-2020-29509 and track golang-github-russellhaering-gosaml2
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c83326395a..26c6d05766 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3198,12 +3198,13 @@ CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does no NOTE: https://github.com/golang/go/issues/43168 NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...) - - golang-1.15 <unfixed> - - golang-1.11 <removed> - - golang-1.8 <removed> - [stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship) - - golang-1.7 <removed> - [stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship) + - golang-github-russellhaering-gosaml2 <itp> (bug #948190) + - golang-1.15 <unfixed> (unimportant) + - golang-1.11 <removed> (unimportant) + - golang-1.8 <removed> (unimportant) + - golang-1.7 <removed> (unimportant) + NOTE: Golang upstream does not consider the issue to be fixable in Go, instread + NOTE: shifts responsibility to saml packages. NOTE: https://github.com/golang/go/issues/43168 NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ NOTE: https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg |