Re: Update information about golang packages
Hi Tobias,
On Fri, Dec 14, 2018 at 10:44:35PM +0100, Dr. Tobias Quathamer wrote:
> Hi,
>
> the recent uploads of golang-1.10 (version 1.10.6-1) and golang-1.11
> (version 1.11.3-1) include the fixes for the CVEs assigned to those
> packages, namely:
>
> CVE-2018-16875
> CVE-2018-16874
> CVE-2018-16873
>
> Unfortunately, those CVS numbers have not been included in d/changelog,
> so the automatic sync didn't happen. Could you please adjust the fixed
> versions in security-tracker.d.o? Thanks!
Thanks for the heads-up! There is actually never an automatic sync, as
we double check such updates (but a CVE reference in changelog
helps/gives hints).
I have now updated the tracker entries, and should show the fixed
versions soon.
Regards,
Salvatore
Reply to: