Candidate: CVE-2021-41772
PublicDate: 2021-11-08 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41772
 https://github.com/golang/go/issues/48085
 https://groups.google.com/g/golang-announce/c/0fM21h43arc
 https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
 https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
Description:
 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip
 Reader.Open panic via a crafted ZIP archive containing an invalid name or
 an empty filename field.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang-1.17:
upstream_golang-1.17: released (1.17.3-1)
trusty_golang-1.17: ignored (out of standard support)
xenial_golang-1.17: ignored (out of standard support)
impish_golang-1.17: needs-triage
jammy_golang-1.17: needs-triage
devel_golang-1.17: needs-triage

Patches_golang-1.16:
upstream_golang-1.16: needs-triage
trusty_golang-1.16: ignored (out of standard support)
xenial_golang-1.16: ignored (out of standard support)
focal_golang-1.16: needs-triage
hirsute_golang-1.16: ignored (reached end-of-life)
impish_golang-1.16: needs-triage
jammy_golang-1.16: DNE
devel_golang-1.16: DNE

Patches_golang-1.15:
upstream_golang-1.15: needs-triage
trusty_golang-1.15: ignored (out of standard support)
xenial_golang-1.15: ignored (out of standard support)
hirsute_golang-1.15: ignored (reached end-of-life)
impish_golang-1.15: needs-triage

Patches_golang-1.11:
upstream_golang-1.11: needs-triage
trusty_golang-1.11: ignored (out of standard support)
xenial_golang-1.11: ignored (out of standard support)

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
trusty_golang-1.8: ignored (out of standard support)
xenial_golang-1.8: ignored (out of standard support)
bionic_golang-1.8: needs-triage

Patches_golang-1.7:
upstream_golang-1.7: needs-triage
trusty_golang-1.7: ignored (out of standard support)
xenial_golang-1.7: ignored (out of standard support)