| Summary: | golang new security issues CVE-2021-3114 and CVE-2021-3115 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Joseph Wang <joequant> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, ouaurelien |
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | golang-1.13.15-3.mga7.src.rpm | CVE: | CVE-2021-3114, CVE-2021-3115 |
| Status comment: | Fixed upstream in 1.15.7 | ||
| Bug Depends on: | 29037 | ||
| Bug Blocks: | |||
|
Description
David Walser
2021-01-26 18:36:25 CET
David Walser
2021-01-26 18:36:55 CET
Whiteboard:
(none) =>
MGA7TOO patches added in cauldron. Version:
Cauldron =>
7 Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it) Assignee:
bugsquad =>
joequant openSUSE has issued an advisory for this today (January 30): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5JVN2JM5TB7JXDFH25XPTVDVURPTQ3WB/ Debian has issued an advisory for the first of these issues on February 8: https://www.debian.org/security/2021/dsa-4848 They backported the fix to 1.11.x.
David Walser
2021-05-30 03:47:03 CEST
Depends on:
(none) =>
29037 https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/ Status:
NEW =>
RESOLVED |