SUSE has issued an advisory today (January 26): https://lists.suse.com/pipermail/sle-security-updates/2021-January/008246.html The issues are fixed upstream in 1.15.7. Mageia 7 may also be affected.
Whiteboard: (none) => MGA7TOOStatus comment: (none) => Fixed upstream in 1.15.7
patches added in cauldron.
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)CC: (none) => mageia
Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
Assignee: bugsquad => joequantCVE: (none) => CVE-2021-3114, CVE-2021-3115Source RPM: golang-1.15.6-1.mga8.src.rpm => golang-1.13.15-3.mga7.src.rpmCC: (none) => ouaurelien
openSUSE has issued an advisory for this today (January 30): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5JVN2JM5TB7JXDFH25XPTVDVURPTQ3WB/
Debian has issued an advisory for the first of these issues on February 8: https://www.debian.org/security/2021/dsa-4848 They backported the fix to 1.11.x.
Depends on: (none) => 29037
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Status: NEW => RESOLVEDResolution: (none) => OLD