From 1176d97c9bb51cdf9e420d3407daba23cfd3c2f5 Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 2 Mar 2021 18:48:43 +0100
Subject: CVE-2017-15041/golang: reference regression

---
 data/CVE/2017.list | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 970a6f66b4..19daab647c 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -11133,8 +11133,9 @@ CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote co
 	[jessie] - golang <ignored> (Minor issue)
 	NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
 	NOTE: https://github.com/golang/go/issues/22125
-	NOTE: https://golang.org/cl/68022
-	NOTE: https://golang.org/cl/68190
+	NOTE: https://golang.org/cl/68022 (1.9.x)
+	NOTE: https://golang.org/cl/68190 (1.8.x)
+	NOTE: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e (regression)
 	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
 CVE-2017-15040
 	RESERVED
-- 
cgit v1.2.3