AVG-1358 log

Package mattermost
Status Fixed
Severity Medium
Type incorrect calculation
Affected 5.26.1-1
Fixed 5.26.2-1
Current 5.39.2-1 [community]
Ticket None
Created Mon Dec 14 20:18:13 2020
Issue Severity Remote Type Description
CVE-2020-29511 Medium No Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
CVE-2020-29510 Medium Yes Incorrect calculation
Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...
CVE-2020-29509 Medium Yes Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
References
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/security-updates/
https://docs.mattermost.com/administration/changelog.html#release-v5-26-feature-release