New CVEs need to apply to gosu

tianon / gosu

Simple Go-based setuid+setgid+setgroups+exec

Apache License 2.0

4.68k stars 312 forks source link

New CVEs need to apply to gosu #107

Closed HeryGitH closed 2 years ago

HeryGitH commented 2 years ago

Hi There,

We realized there are two new CVEs didn't apply to Gosu, which are CVE-2022-24921, CVE-2021-33194, would anybody can apply in the new release plan ? thanks!

tianon commented 2 years ago

Thanks for the note! I've added these both to #104:

CVE-2021-33194: does not use golang.org/x/net (#107) ...

CVE-2022-24921: does not use deeply nested regexp (#107)

HeryGitH commented 2 years ago

Thanks, Tianon!

On Mon, May 9, 2022 at 9:25 AM Tianon Gravi @.***> wrote:

Closed #107 https://github.com/tianon/gosu/issues/107.

— Reply to this email directly, view it on GitHub https://github.com/tianon/gosu/issues/107#event-6574607537, or unsubscribe https://github.com/notifications/unsubscribe-auth/AZC3L4NC6VGO44RSUWFE3TDVJE4A3ANCNFSM5VOZOBPA . You are receiving this because you authored the thread.Message ID: @.***>