Re: Update information about golang packages

To: "Dr. Tobias Quathamer" <toddy@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Update information about golang packages
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 15 Dec 2018 08:21:31 +0100
Message-id: <[🔎] 20181215071635.GA10599@eldamar.local>
Mail-followup-to: "Dr. Tobias Quathamer" <toddy@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 9728d587-3ada-00cb-36f5-ef69926e88e1@debian.org>
References: <[🔎] 9728d587-3ada-00cb-36f5-ef69926e88e1@debian.org>

Hi Tobias,

On Fri, Dec 14, 2018 at 10:44:35PM +0100, Dr. Tobias Quathamer wrote:
> Hi,
> 
> the recent uploads of golang-1.10 (version 1.10.6-1) and golang-1.11
> (version 1.11.3-1) include the fixes for the CVEs assigned to those
> packages, namely:
> 
> CVE-2018-16875
> CVE-2018-16874
> CVE-2018-16873
> 
> Unfortunately, those CVS numbers have not been included in d/changelog,
> so the automatic sync didn't happen. Could you please adjust the fixed
> versions in security-tracker.d.o? Thanks!

Thanks for the heads-up! There is actually never an automatic sync, as
we double check such updates (but a CVE reference in changelog
helps/gives hints).

I have now updated the tracker entries, and should show the fixed
versions soon.

Regards,
Salvatore

Reply to:

References:
- Update information about golang packages
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: Update information about golang packages
Index(es):
- Date
- Thread