git: 82ff7e318908 - main - security/vuxml: Document Go vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Mar 2023 14:45:13 UTC
The branch main has been updated by dmgk:
URL: https://cgit.FreeBSD.org/ports/commit/?id=82ff7e3189086541f9964f6bfeb27c92edeab170
commit 82ff7e3189086541f9964f6bfeb27c92edeab170
Author: Dmitri Goutnik <dmgk@FreeBSD.org>
AuthorDate: 2023-03-08 14:43:48 +0000
Commit: Dmitri Goutnik <dmgk@FreeBSD.org>
CommitDate: 2023-03-08 14:44:44 +0000
security/vuxml: Document Go vulnerability
---
security/vuxml/vuln/2023.xml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 62b2600e5c4f..bc0e8b22645b 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,38 @@
+ <vuln vid="742279d6-bdbe-11ed-a179-2b68e9d12706">
+ <topic>go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results</topic>
+ <affects>
+ <package>
+ <name>go119</name>
+ <range><lt>1.19.7</lt></range>
+ </package>
+ <package>
+ <name>go120</name>
+ <range><lt>1.20.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Go project reports:</p>
+ <blockquote cite="https://go.dev/issue/58647">
+ <p>crypto/elliptic: incorrect P-256 ScalarMult and
+ ScalarBaseMult results</p>
+ <p>The ScalarMult and ScalarBaseMult methods of the P256
+ Curve may return an incorrect result if called with some
+ specific unreduced scalars (a scalar larger than the
+ order of the curve).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-24532</cvename>
+ <url>https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ</url>
+ </references>
+ <dates>
+ <discovery>2023-02-22</discovery>
+ <entry>2023-03-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6678211c-bd47-11ed-beb0-1c1b0d9ea7e6">
<topic>Apache OpenOffice -- master password vulnerabilities</topic>
<affects>