AVG-1357 log
| Package | go |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2:1.16.7-1 |
| Fixed | 2:1.17-1 |
| Current | 2:1.25.4-1 [extra] |
| Ticket | None |
| Created | Mon Dec 14 20:05:03 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-29923 | Medium | Yes | Access restriction bypass | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to... |
| CVE-2020-29511 | Medium | No | Incorrect calculation | Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and... |
| CVE-2020-29510 | Medium | Yes | Incorrect calculation | Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder... |
| CVE-2020-29509 | Medium | Yes | Incorrect calculation | Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and... |