CVE-2024-28180

NameCVE-2024-28180
DescriptionPackage jose aims to provide an implementation of the Javascript Objec ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1065814

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-github-go-jose-go-jose (PTS)trixie4.0.5-1fixed
forky, sid4.1.4-1fixed
golang-gopkg-square-go-jose.v2 (PTS)bullseye2.5.1-2vulnerable
bookworm2.6.0-2vulnerable
trixie2.6.3-3fixed
forky, sid2.6.3-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-github-go-jose-go-josesource(unstable)4.0.1-11065814
golang-gopkg-square-go-jose.v2source(unstable)2.6.3-1

Notes

[bookworm] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
[bullseye] - golang-gopkg-square-go-jose.v2 <no-dsa> (Minor issue)
https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 (v2.6.3)
https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a (v3.0.3)
https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 (v4.0.1)
Search for package or bug name: Reporting problems