Merge ~zhsj/ubuntu-cve-tracker:golang-20230413 into ubuntu-cve-tracker:master

Proposed by Shengjing Zhu
Status: Rejected
Rejected by: David Fernandez Gonzalez
Proposed branch: ~zhsj/ubuntu-cve-tracker:golang-20230413
Merge into: ubuntu-cve-tracker:master
Diff against target: 485 lines (+267/-66)
2 files modified
active/CVE-2022-41717 (+157/-31)
active/CVE-2022-41720 (+110/-35)
Reviewer: David Fernandez Gonzalez (Status: Needs Fixing)
Review via email: mp+440947@code.launchpad.net
David Fernandez Gonzalez (litios) wrote :

Thanks for the triage information!

The same changes requested in https://code.launchpad.net/~zhsj/ubuntu-cve-tracker/+git/ubuntu-cve-tracker/+merge/440855 apply to this PR.

review: Needs Fixing
David Fernandez Gonzalez (litios) wrote :

Added in: 364a5b49f54e5c111cb7989c72b7edacdac6092d

Unmerged commits

e554904... by Shengjing Zhu

Triage CVE-2022-41717 CVE-2022-41720 for golang

CVE-2022-41720 affects code cross compiled for Windows.

Signed-off-by: Shengjing Zhu <email address hidden>

Succeeded
[SUCCEEDED] unit-tests:0 (build)
[SUCCEEDED] check-cves:0 (build)

Preview Diff

1diff --git a/active/CVE-2022-41717 b/active/CVE-2022-41717
2index 83ae2fc..1e56ad1 100644
3--- a/active/CVE-2022-41717
4+++ b/active/CVE-2022-41717
5@@ -33,100 +33,226 @@ CVSS:
6 Patches_golang:
7 upstream_golang: needs-triage
8 trusty_golang: ignored (out of standard support)
9-xenial_golang: ignored (out of standard support)
10+trusty/esm_golang: DNE
11+xenial_golang: DNE
12+esm-apps/xenial_golang: DNE
13+esm-infra/xenial_golang: DNE
14 bionic_golang: DNE
15+esm-apps/bionic_golang: DNE
16 focal_golang: DNE
17+esm-apps/focal_golang: DNE
18 jammy_golang: DNE
19+esm-apps/jammy_golang: DNE
20 kinetic_golang: DNE
21+devel_golang: DNE
22
23 Patches_golang-1.6:
24 upstream_golang-1.6: needs-triage
25-esm-infra/xenial_golang-1.6: needs-triage
26 trusty_golang-1.6: ignored (out of standard support)
27-xenial_golang-1.6: ignored (end of standard support)
28+trusty/esm_golang-1.6: DNE
29+xenial_golang-1.6: ignored (out of standard support)
30+esm-apps/xenial_golang-1.6: DNE
31+esm-infra/xenial_golang-1.6: needed
32 bionic_golang-1.6: DNE
33+esm-apps/bionic_golang-1.6: DNE
34 focal_golang-1.6: DNE
35+esm-apps/focal_golang-1.6: DNE
36 jammy_golang-1.6: DNE
37+esm-apps/jammy_golang-1.6: DNE
38 kinetic_golang-1.6: DNE
39+devel_golang-1.6: DNE
40
41 Patches_golang-1.8:
42 upstream_golang-1.8: needs-triage
43 trusty_golang-1.8: DNE
44+trusty/esm_golang-1.8: DNE
45 xenial_golang-1.8: DNE
46-bionic_golang-1.8: needs-triage
47-esm-apps/bionic_golang-1.8: needs-triage
48+esm-apps/xenial_golang-1.8: DNE
49+esm-infra/xenial_golang-1.8: DNE
50+bionic_golang-1.8: needed
51+esm-apps/bionic_golang-1.8: needed
52 focal_golang-1.8: DNE
53+esm-apps/focal_golang-1.8: DNE
54 jammy_golang-1.8: DNE
55+esm-apps/jammy_golang-1.8: DNE
56 kinetic_golang-1.8: DNE
57+devel_golang-1.8: DNE
58
59 Patches_golang-1.9:
60 upstream_golang-1.9: needs-triage
61 trusty_golang-1.9: DNE
62+trusty/esm_golang-1.9: DNE
63 xenial_golang-1.9: DNE
64-bionic_golang-1.9: needs-triage
65-esm-apps/bionic_golang-1.9: needs-triage
66+esm-apps/xenial_golang-1.9: DNE
67+esm-infra/xenial_golang-1.9: DNE
68+bionic_golang-1.9: needed
69+esm-apps/bionic_golang-1.9: needed
70 focal_golang-1.9: DNE
71+esm-apps/focal_golang-1.9: DNE
72 jammy_golang-1.9: DNE
73+esm-apps/jammy_golang-1.9: DNE
74 kinetic_golang-1.9: DNE
75+devel_golang-1.9: DNE
76
77 Patches_golang-1.10:
78 upstream_golang-1.10: needs-triage
79-esm-infra/xenial_golang-1.10: needs-triage
80 trusty_golang-1.10: ignored (out of standard support)
81-xenial_golang-1.10: ignored (end of standard support)
82-bionic_golang-1.10: needs-triage
83+trusty/esm_golang-1.10: needed
84+xenial_golang-1.10: ignored (out of standard support)
85+esm-apps/xenial_golang-1.10: DNE
86+esm-infra/xenial_golang-1.10: needed
87+bionic_golang-1.10: needed
88+esm-apps/bionic_golang-1.10: DNE
89 focal_golang-1.10: DNE
90+esm-apps/focal_golang-1.10: DNE
91 jammy_golang-1.10: DNE
92+esm-apps/jammy_golang-1.10: DNE
93 kinetic_golang-1.10: DNE
94-trusty/esm_golang-1.10: needs-triage
95+devel_golang-1.10: DNE
96
97 Patches_golang-1.13:
98 upstream_golang-1.13: needs-triage
99 trusty_golang-1.13: DNE
100-xenial_golang-1.13: ignored (end of standard support)
101-esm-apps/xenial_golang-1.13: needs-triage
102-bionic_golang-1.13: needs-triage
103-esm-apps/bionic_golang-1.13: needs-triage
104-focal_golang-1.13: needs-triage
105-jammy_golang-1.13: needs-triage
106-esm-apps/jammy_golang-1.13: needs-triage
107-kinetic_golang-1.13: needs-triage
108+trusty/esm_golang-1.13: DNE
109+xenial_golang-1.13: ignored (out of standard support)
110+esm-apps/xenial_golang-1.13: needed
111+esm-infra/xenial_golang-1.13: DNE
112+bionic_golang-1.13: needed
113+esm-apps/bionic_golang-1.13: needed
114+focal_golang-1.13: needed
115+esm-apps/focal_golang-1.13: DNE
116+jammy_golang-1.13: needed
117+esm-apps/jammy_golang-1.13: needed
118+kinetic_golang-1.13: needed
119 devel_golang-1.13: DNE
120
121 Patches_golang-1.14:
122 upstream_golang-1.14: needs-triage
123 trusty_golang-1.14: DNE
124+trusty/esm_golang-1.14: DNE
125 xenial_golang-1.14: DNE
126+esm-apps/xenial_golang-1.14: DNE
127+esm-infra/xenial_golang-1.14: DNE
128 bionic_golang-1.14: DNE
129-focal_golang-1.14: needs-triage
130+esm-apps/bionic_golang-1.14: DNE
131+focal_golang-1.14: needed
132+esm-apps/focal_golang-1.14: DNE
133 jammy_golang-1.14: DNE
134+esm-apps/jammy_golang-1.14: DNE
135 kinetic_golang-1.14: DNE
136+devel_golang-1.14: DNE
137
138 Patches_golang-1.16:
139 upstream_golang-1.16: needs-triage
140-trusty_golang-1.16: ignored (out of standard support)
141-xenial_golang-1.16: ignored (out of standard support)
142-bionic_golang-1.16: needs-triage
143-focal_golang-1.16: needs-triage
144-esm-apps/focal_golang-1.16: needs-triage
145+trusty_golang-1.16: DNE
146+trusty/esm_golang-1.16: DNE
147+xenial_golang-1.16: DNE
148+esm-apps/xenial_golang-1.16: DNE
149+esm-infra/xenial_golang-1.16: DNE
150+bionic_golang-1.16: needed
151+esm-apps/bionic_golang-1.16: DNE
152+focal_golang-1.16: needed
153+esm-apps/focal_golang-1.16: needed
154 jammy_golang-1.16: DNE
155+esm-apps/jammy_golang-1.16: DNE
156 kinetic_golang-1.16: DNE
157+devel_golang-1.16: DNE
158
159 Patches_golang-1.17:
160 upstream_golang-1.17: needs-triage
161-trusty_golang-1.17: ignored (out of standard support)
162-xenial_golang-1.17: ignored (out of standard support)
163+trusty_golang-1.17: DNE
164+trusty/esm_golang-1.17: DNE
165+xenial_golang-1.17: DNE
166+esm-apps/xenial_golang-1.17: DNE
167+esm-infra/xenial_golang-1.17: DNE
168 bionic_golang-1.17: DNE
169+esm-apps/bionic_golang-1.17: DNE
170 focal_golang-1.17: DNE
171-jammy_golang-1.17: needs-triage
172+esm-apps/focal_golang-1.17: DNE
173+jammy_golang-1.17: needed
174+esm-apps/jammy_golang-1.17: DNE
175 kinetic_golang-1.17: DNE
176+devel_golang-1.17: DNE
177
178 Patches_golang-1.18:
179-upstream_golang-1.18: needs-triage
180-trusty_golang-1.18: ignored (out of standard support)
181-xenial_golang-1.18: ignored (out of standard support)
182+ upstream: https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1
183+upstream_golang-1.18: released (1.18.9-1)
184+trusty_golang-1.18: DNE
185+trusty/esm_golang-1.18: DNE
186+xenial_golang-1.18: DNE
187+esm-apps/xenial_golang-1.18: DNE
188+esm-infra/xenial_golang-1.18: DNE
189 bionic_golang-1.18: needed
190+esm-apps/bionic_golang-1.18: DNE
191 focal_golang-1.18: needed
192+esm-apps/focal_golang-1.18: DNE
193 jammy_golang-1.18: needed
194+esm-apps/jammy_golang-1.18: DNE
195 kinetic_golang-1.18: DNE
196 devel_golang-1.18: DNE
197+
198+Patches_golang-1.19:
199+ upstream: https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27
200+upstream_golang-1.19: released (1.19.4-1)
201+trusty_golang-1.19: DNE
202+trusty/esm_golang-1.19: DNE
203+xenial_golang-1.19: DNE
204+esm-apps/xenial_golang-1.19: DNE
205+esm-infra/xenial_golang-1.19: DNE
206+bionic_golang-1.19: DNE
207+esm-apps/bionic_golang-1.19: DNE
208+focal_golang-1.19: DNE
209+esm-apps/focal_golang-1.19: DNE
210+jammy_golang-1.19: DNE
211+esm-apps/jammy_golang-1.19: DNE
212+kinetic_golang-1.19: needed
213+devel_golang-1.19: not-affected (1.19.8-1)
214+
215+Patches_golang-golang-x-net:
216+ upstream: https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4
217+upstream_golang-golang-x-net: released (1:0.4.0+dfsg-1)
218+trusty_golang-golang-x-net: DNE
219+trusty/esm_golang-golang-x-net: DNE
220+xenial_golang-golang-x-net: DNE
221+esm-apps/xenial_golang-golang-x-net: DNE
222+esm-infra/xenial_golang-golang-x-net: DNE
223+bionic_golang-golang-x-net: DNE
224+esm-apps/bionic_golang-golang-x-net: DNE
225+focal_golang-golang-x-net: DNE
226+esm-apps/focal_golang-golang-x-net: DNE
227+jammy_golang-golang-x-net: needed
228+esm-apps/jammy_golang-golang-x-net: needed
229+kinetic_golang-golang-x-net: needed
230+devel_golang-golang-x-net: not-affected (1:0.7.0+dfsg-1)
231+
232+Patches_golang-golang-x-net-dev:
233+upstream_golang-golang-x-net-dev: needs-triage
234+trusty_golang-golang-x-net-dev: DNE
235+trusty/esm_golang-golang-x-net-dev: DNE
236+xenial_golang-golang-x-net-dev: ignored (out of standard support)
237+esm-apps/xenial_golang-golang-x-net-dev: DNE
238+esm-infra/xenial_golang-golang-x-net-dev: needed
239+bionic_golang-golang-x-net-dev: needed
240+esm-apps/bionic_golang-golang-x-net-dev: needed
241+focal_golang-golang-x-net-dev: needed
242+esm-apps/focal_golang-golang-x-net-dev: needed
243+jammy_golang-golang-x-net-dev: DNE
244+esm-apps/jammy_golang-golang-x-net-dev: DNE
245+kinetic_golang-golang-x-net-dev: DNE
246+devel_golang-golang-x-net-dev: DNE
247+
248+Patches_google-guest-agent:
249+upstream_google-guest-agent: needs-triage
250+trusty_google-guest-agent: DNE
251+trusty/esm_google-guest-agent: DNE
252+xenial_google-guest-agent: ignored (out of standard support)
253+esm-apps/xenial_google-guest-agent: needs-triage
254+esm-infra/xenial_google-guest-agent: DNE
255+bionic_google-guest-agent: needs-triage
256+esm-apps/bionic_google-guest-agent: needs-triage
257+focal_google-guest-agent: needs-triage
258+esm-apps/focal_google-guest-agent: needs-triage
259+jammy_google-guest-agent: needs-triage
260+esm-apps/jammy_google-guest-agent: DNE
261+kinetic_google-guest-agent: needs-triage
262+devel_google-guest-agent: needs-triage
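Review bot: In the Patches_golang-1.6 through Patches_golang-1.17 blocks, and in the new Patches_golang-golang-x-net-dev block, release rows are set to `needed` while the matching `upstream_*` row stays `needs-triage` and no ` upstream:` patch reference is given; only golang-1.18, golang-1.19 and golang-golang-x-net carry a commit link and a `released (...)` version. Suggest either recording the fixing commit and upstream status for those source packages as well, or leaving their release rows at `needs-triage` until the affected code is confirmed present in each version. The added Patches_google-guest-agent block is entirely `needs-triage`, and this diff has no Notes change in this file saying why the package is listed; a one-line note would help the next triager.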
263diff --git a/active/CVE-2022-41720 b/active/CVE-2022-41720
264index 43a1fe2..a5e48f4 100644
265--- a/active/CVE-2022-41720
266+++ b/active/CVE-2022-41720
267@@ -24,7 +24,7 @@ Notes:
268 mdeslaur> vulnerability has been fixed. This CVE entry does not
269 mdeslaur> list packages that need rebuilding outside of the main
270 mdeslaur> repository or the Ubuntu variants with PPA overlays.
271- alexmurray> Only affects golang on Windows
272+ zhsj> Only affects code cross compiled on Ubuntu for Windows binaries
273 Mitigation:
274 Bugs:
275 Priority: medium
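Review bot: The Notes change at `zhsj> Only affects code cross compiled on Ubuntu for Windows binaries` replaces the `alexmurray>` line instead of adding to it, which drops the earlier triager's attributed statement from the record. Suggest keeping the `alexmurray>` line and appending the `zhsj>` line after it, so the reason for moving rows away from `not-affected (windows only)` later in this file sits next to the original assessment.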
276@@ -36,100 +36,175 @@ CVSS:
277 Patches_golang:
278 upstream_golang: needs-triage
279 trusty_golang: ignored (out of standard support)
280-xenial_golang: ignored (out of standard support)
281+trusty/esm_golang: DNE
282+xenial_golang: DNE
283+esm-apps/xenial_golang: DNE
284+esm-infra/xenial_golang: DNE
285 bionic_golang: DNE
286+esm-apps/bionic_golang: DNE
287 focal_golang: DNE
288+esm-apps/focal_golang: DNE
289 jammy_golang: DNE
290+esm-apps/jammy_golang: DNE
291 kinetic_golang: DNE
292+devel_golang: DNE
293
294 Patches_golang-1.6:
295 upstream_golang-1.6: needs-triage
296-esm-infra/xenial_golang-1.6: not-affected (windows only)
297 trusty_golang-1.6: ignored (out of standard support)
298-xenial_golang-1.6: ignored (end of standard support)
299+trusty/esm_golang-1.6: DNE
300+xenial_golang-1.6: ignored (out of standard support)
301+esm-apps/xenial_golang-1.6: DNE
302+esm-infra/xenial_golang-1.6: needed
303 bionic_golang-1.6: DNE
304+esm-apps/bionic_golang-1.6: DNE
305 focal_golang-1.6: DNE
306+esm-apps/focal_golang-1.6: DNE
307 jammy_golang-1.6: DNE
308+esm-apps/jammy_golang-1.6: DNE
309 kinetic_golang-1.6: DNE
310+devel_golang-1.6: DNE
311
312 Patches_golang-1.8:
313 upstream_golang-1.8: needs-triage
314 trusty_golang-1.8: DNE
315+trusty/esm_golang-1.8: DNE
316 xenial_golang-1.8: DNE
317-bionic_golang-1.8: not-affected (windows only)
318-esm-apps/bionic_golang-1.8: not-affected (windows only)
319+esm-apps/xenial_golang-1.8: DNE
320+esm-infra/xenial_golang-1.8: DNE
321+bionic_golang-1.8: needed
322+esm-apps/bionic_golang-1.8: needed
323 focal_golang-1.8: DNE
324+esm-apps/focal_golang-1.8: DNE
325 jammy_golang-1.8: DNE
326+esm-apps/jammy_golang-1.8: DNE
327 kinetic_golang-1.8: DNE
328+devel_golang-1.8: DNE
329
330 Patches_golang-1.9:
331 upstream_golang-1.9: needs-triage
332 trusty_golang-1.9: DNE
333+trusty/esm_golang-1.9: DNE
334 xenial_golang-1.9: DNE
335-bionic_golang-1.9: not-affected (windows only)
336-esm-apps/bionic_golang-1.9: not-affected (windows only)
337+esm-apps/xenial_golang-1.9: DNE
338+esm-infra/xenial_golang-1.9: DNE
339+bionic_golang-1.9: needed
340+esm-apps/bionic_golang-1.9: needed
341 focal_golang-1.9: DNE
342+esm-apps/focal_golang-1.9: DNE
343 jammy_golang-1.9: DNE
344+esm-apps/jammy_golang-1.9: DNE
345 kinetic_golang-1.9: DNE
346+devel_golang-1.9: DNE
347
348 Patches_golang-1.10:
349 upstream_golang-1.10: needs-triage
350-esm-infra/xenial_golang-1.10: not-affected (windows only)
351 trusty_golang-1.10: ignored (out of standard support)
352-xenial_golang-1.10: ignored (end of standard support)
353-bionic_golang-1.10: not-affected (windows only)
354+trusty/esm_golang-1.10: needed
355+xenial_golang-1.10: ignored (out of standard support)
356+esm-apps/xenial_golang-1.10: DNE
357+esm-infra/xenial_golang-1.10: needed
358+bionic_golang-1.10: needed
359+esm-apps/bionic_golang-1.10: DNE
360 focal_golang-1.10: DNE
361+esm-apps/focal_golang-1.10: DNE
362 jammy_golang-1.10: DNE
363+esm-apps/jammy_golang-1.10: DNE
364 kinetic_golang-1.10: DNE
365-trusty/esm_golang-1.10: not-affected (windows only)
366+devel_golang-1.10: DNE
367
368 Patches_golang-1.13:
369 upstream_golang-1.13: needs-triage
370 trusty_golang-1.13: DNE
371-xenial_golang-1.13: ignored (end of standard support)
372-esm-apps/xenial_golang-1.13: not-affected (windows only)
373-bionic_golang-1.13: not-affected (windows only)
374-esm-apps/bionic_golang-1.13: not-affected (windows only)
375-focal_golang-1.13: not-affected (windows only)
376-jammy_golang-1.13: not-affected (windows only)
377-esm-apps/jammy_golang-1.13: not-affected (windows only)
378-kinetic_golang-1.13: not-affected (windows only)
379+trusty/esm_golang-1.13: DNE
380+xenial_golang-1.13: ignored (out of standard support)
381+esm-apps/xenial_golang-1.13: needed
382+esm-infra/xenial_golang-1.13: DNE
383+bionic_golang-1.13: needed
384+esm-apps/bionic_golang-1.13: needed
385+focal_golang-1.13: needed
386+esm-apps/focal_golang-1.13: DNE
387+jammy_golang-1.13: needed
388+esm-apps/jammy_golang-1.13: needed
389+kinetic_golang-1.13: needed
390 devel_golang-1.13: DNE
391
392 Patches_golang-1.14:
393 upstream_golang-1.14: needs-triage
394 trusty_golang-1.14: DNE
395+trusty/esm_golang-1.14: DNE
396 xenial_golang-1.14: DNE
397+esm-apps/xenial_golang-1.14: DNE
398+esm-infra/xenial_golang-1.14: DNE
399 bionic_golang-1.14: DNE
400-focal_golang-1.14: not-affected (windows only)
401+esm-apps/bionic_golang-1.14: DNE
402+focal_golang-1.14: needed
403+esm-apps/focal_golang-1.14: DNE
404 jammy_golang-1.14: DNE
405+esm-apps/jammy_golang-1.14: DNE
406 kinetic_golang-1.14: DNE
407+devel_golang-1.14: DNE
408
409 Patches_golang-1.16:
410 upstream_golang-1.16: needs-triage
411-trusty_golang-1.16: ignored (out of standard support)
412-xenial_golang-1.16: ignored (out of standard support)
413-bionic_golang-1.16: not-affected (windows only)
414-focal_golang-1.16: not-affected (windows only)
415-esm-apps/focal_golang-1.16: not-affected (windows only)
416+trusty_golang-1.16: DNE
417+trusty/esm_golang-1.16: DNE
418+xenial_golang-1.16: DNE
419+esm-apps/xenial_golang-1.16: DNE
420+esm-infra/xenial_golang-1.16: DNE
421+bionic_golang-1.16: needed
422+esm-apps/bionic_golang-1.16: DNE
423+focal_golang-1.16: needed
424+esm-apps/focal_golang-1.16: needed
425 jammy_golang-1.16: DNE
426+esm-apps/jammy_golang-1.16: DNE
427 kinetic_golang-1.16: DNE
428+devel_golang-1.16: DNE
429
430 Patches_golang-1.17:
431 upstream_golang-1.17: needs-triage
432-trusty_golang-1.17: ignored (out of standard support)
433-xenial_golang-1.17: ignored (out of standard support)
434+trusty_golang-1.17: DNE
435+trusty/esm_golang-1.17: DNE
436+xenial_golang-1.17: DNE
437+esm-apps/xenial_golang-1.17: DNE
438+esm-infra/xenial_golang-1.17: DNE
439 bionic_golang-1.17: DNE
440+esm-apps/bionic_golang-1.17: DNE
441 focal_golang-1.17: DNE
442-jammy_golang-1.17: not-affected (windows only)
443+esm-apps/focal_golang-1.17: DNE
444+jammy_golang-1.17: needed
445+esm-apps/jammy_golang-1.17: DNE
446 kinetic_golang-1.17: DNE
447+devel_golang-1.17: DNE
448
449 Patches_golang-1.18:
450-upstream_golang-1.18: needs-triage
451-trusty_golang-1.18: ignored (out of standard support)
452-xenial_golang-1.18: ignored (out of standard support)
453-bionic_golang-1.18: not-affected (windows only)
454-focal_golang-1.18: not-affected (windows only)
455-jammy_golang-1.18: not-affected (windows only)
456+upstream_golang-1.18: released (1.18.9-1)
457+trusty_golang-1.18: DNE
458+trusty/esm_golang-1.18: DNE
459+xenial_golang-1.18: DNE
460+esm-apps/xenial_golang-1.18: DNE
461+esm-infra/xenial_golang-1.18: DNE
462+bionic_golang-1.18: needed
463+esm-apps/bionic_golang-1.18: DNE
464+focal_golang-1.18: needed
465+esm-apps/focal_golang-1.18: DNE
466+jammy_golang-1.18: needed
467+esm-apps/jammy_golang-1.18: DNE
468 kinetic_golang-1.18: DNE
469 devel_golang-1.18: DNE
470+
471+Patches_golang-1.19:
472+upstream_golang-1.19: released (1.19.4-1)
473+trusty_golang-1.19: DNE
474+trusty/esm_golang-1.19: DNE
475+xenial_golang-1.19: DNE
476+esm-apps/xenial_golang-1.19: DNE
477+esm-infra/xenial_golang-1.19: DNE
478+bionic_golang-1.19: DNE
479+esm-apps/bionic_golang-1.19: DNE
480+focal_golang-1.19: DNE
481+esm-apps/focal_golang-1.19: DNE
482+jammy_golang-1.19: DNE
483+esm-apps/jammy_golang-1.19: DNE
484+kinetic_golang-1.19: needs-triage
485+devel_golang-1.19: not-affected (1.19.8-1)
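Review bot: `kinetic_golang-1.19: needs-triage` at the end of the new Patches_golang-1.19 block is inconsistent with the rest of this hunk: `upstream_golang-1.19` is `released (1.19.4-1)`, `devel_golang-1.19` is `not-affected (1.19.8-1)`, and the rows that previously read `not-affected (windows only)` are now `needed`. Either set it to `needed` or state why kinetic is still undecided. The Patches_golang-1.18 and Patches_golang-1.19 blocks in this file also have no ` upstream:` commit line next to their `released (...)` versions; add the fixing commit reference so the stated version can be checked.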
