AVG-1358 log

Package	mattermost
Status	Fixed
Severity	Medium
Type	incorrect calculation
Affected	5.26.1-1
Fixed	5.26.2-1
Current	11.1.1-1 [extra]
Ticket	None
Created	Mon Dec 14 20:18:13 2020

Issue	Severity	Remote	Type	Description
CVE-2020-29511	Medium	No	Incorrect calculation	Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
CVE-2020-29510	Medium	Yes	Incorrect calculation	Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...
CVE-2020-29509	Medium	Yes	Incorrect calculation	Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...

Issue

Severity

Remote

Type

Description

CVE-2020-29511

Medium

Incorrect calculation

Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...

CVE-2020-29510

Medium

Yes

Incorrect calculation

Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...

CVE-2020-29509

Medium

Yes

Incorrect calculation

Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...

References
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ https://mattermost.com/security-updates/ https://docs.mattermost.com/administration/changelog.html#release-v5-26-feature-release

References

https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/security-updates/
https://docs.mattermost.com/administration/changelog.html#release-v5-26-feature-release