x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-qh54-9vc5-m9fg #378

GoVulnBot · 2022-03-24T18:01:19Z

In GitHub Security Advisory GHSA-qh54-9vc5-m9fg, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/foxcpp/maddy	0.5.2	>= 0.5.0, < 0.5.2

See doc/triage.md for instructions on how to triage this report.

package: github.com/foxcpp/maddy
versions:
  - introduced: v0.5.0
    fixed: v0.5.2
description: "### Impact\n\nThis vulnerability affects maddy 0.5.1, 0.5.0 users using
    auth.shadow module\nand an extremely outdated system that still allows MD5 hashes
    in \n/etc/shadows.\n\n### Patches\n\nPatch is available as part of the 0.5.2 release.\n\n###
    Workarounds\n\nEnsure MD5 hashes are not present in /etc/shadow.\n"
published: 2021-10-12T16:06:30Z
last_modified: 2021-10-12T16:06:30Z
ghsas:
  - GHSA-qh54-9vc5-m9fg

The text was updated successfully, but these errors were encountered:

neild · 2022-07-08T19:50:27Z

Vulnerability in tool.

gopherbot · 2024-06-14T19:53:30Z

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:41:14Z

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)

- data/reports/GO-2022-0367.yaml - data/reports/GO-2022-0368.yaml - data/reports/GO-2022-0369.yaml - data/reports/GO-2022-0372.yaml - data/reports/GO-2022-0374.yaml - data/reports/GO-2022-0375.yaml - data/reports/GO-2022-0377.yaml - data/reports/GO-2022-0378.yaml - data/reports/GO-2022-0381.yaml - data/reports/GO-2022-0387.yaml - data/reports/GO-2022-0388.yaml - data/reports/GO-2022-0389.yaml - data/reports/GO-2022-0390.yaml - data/reports/GO-2022-0392.yaml - data/reports/GO-2022-0393.yaml - data/reports/GO-2022-0395.yaml - data/reports/GO-2022-0396.yaml - data/reports/GO-2022-0398.yaml - data/reports/GO-2022-0405.yaml - data/reports/GO-2022-0406.yaml Updates #367 Updates #368 Updates #369 Updates #372 Updates #374 Updates #375 Updates #377 Updates #378 Updates #381 Updates #387 Updates #388 Updates #389 Updates #390 Updates #392 Updates #393 Updates #395 Updates #396 Updates #398 Updates #405 Updates #406 Change-Id: I001f245aa4d9225668c2b30e3d5b4ca7a7e9b3b3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607217 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

julieqiu assigned rolandshoemaker Apr 4, 2022

julieqiu unassigned rolandshoemaker Jun 15, 2022

neild self-assigned this Jul 8, 2022

neild added the NotGoVuln label Jul 8, 2022

neild closed this as completed Jul 8, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 11, 2022

GoVulnBot mentioned this issue Mar 13, 2023

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: CVE-2023-27582 #1630

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-qh54-9vc5-m9fg #378

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-qh54-9vc5-m9fg #378

GoVulnBot commented Mar 24, 2022

neild commented Jul 8, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-qh54-9vc5-m9fg #378

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-qh54-9vc5-m9fg #378

Comments

GoVulnBot commented Mar 24, 2022

neild commented Jul 8, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024