TEMP-0000000-F22D51

NameTEMP-0000000-F22D51
DescriptionSSLMate go-pkcs12: Authentication bypass in Decode functions
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-sslmate-src-go-pkcs12 (PTS)bookworm0.0~git20210415.c5206de-2fixed
trixie0.5.0-1fixed
sid, forky0.7.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-sslmate-src-go-pkcs12sourcebookworm(not affected)
golang-sslmate-src-go-pkcs12sourcetrixie(not affected)
golang-sslmate-src-go-pkcs12source(unstable)0.7.2-1

Notes

[trixie] - golang-sslmate-src-go-pkcs12 <not-affected> (Vulnerable code not present)
[bookworm] - golang-sslmate-src-go-pkcs12 <not-affected> (Vulnerable code not present)
https://github.com/SSLMate/go-pkcs12/security/advisories/GHSA-mpwr-8vm7-h73f
Introduced with: https://github.com/SSLMate/go-pkcs12/commit/3ac7bcc8013d211e15bf25d0576c712a723d29d1 (v0.6.0)
Fixed by: https://github.com/SSLMate/go-pkcs12/commit/03c441f6b0267f695ca02464133c0b373bf4dd55 (v0.7.2)
Search for package or bug name: Reporting problems