x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-m6m5-pp4g-fcc8 #374

GoVulnBot · 2022-03-24T18:01:15Z

In GitHub Security Advisory GHSA-m6m5-pp4g-fcc8, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/foxcpp/maddy	0.5.1	< 0.5.1

See doc/triage.md for instructions on how to triage this report.

package: github.com/foxcpp/maddy
versions:
  - introduced: v0.0.0
    fixed: v0.5.1
description: |-
    ### Impact

    Anyone using storage.blob.s3 introduced in 0.5.0 with storage.imapsql.
    ```
    storage.imapsql local_mailboxes {
      ...
      msg_store s3 {
        ...
      }
    }
    ```

    ### Patches

    The relevant commit is pushed to master and will be included in the 0.5.1 release.

    No special handling of the issue has been done due to the small amount of affected users.

    ### Workarounds

    None.

    ### References

    * Original report: https://github.com/foxcpp/maddy/issues/395
    * Fix: https://github.com/foxcpp/maddy/commit/07c8495ee4394fabbf5aac4df8aebeafb2fb29d8
published: 2021-10-06T17:47:35Z
last_modified: 2021-10-06T17:47:35Z
ghsas:
  - GHSA-m6m5-pp4g-fcc8

The text was updated successfully, but these errors were encountered:

neild · 2022-07-08T19:47:11Z

Vulnerability in tool.

gopherbot · 2024-06-14T19:53:28Z

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:41:12Z

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)

- data/reports/GO-2022-0367.yaml - data/reports/GO-2022-0368.yaml - data/reports/GO-2022-0369.yaml - data/reports/GO-2022-0372.yaml - data/reports/GO-2022-0374.yaml - data/reports/GO-2022-0375.yaml - data/reports/GO-2022-0377.yaml - data/reports/GO-2022-0378.yaml - data/reports/GO-2022-0381.yaml - data/reports/GO-2022-0387.yaml - data/reports/GO-2022-0388.yaml - data/reports/GO-2022-0389.yaml - data/reports/GO-2022-0390.yaml - data/reports/GO-2022-0392.yaml - data/reports/GO-2022-0393.yaml - data/reports/GO-2022-0395.yaml - data/reports/GO-2022-0396.yaml - data/reports/GO-2022-0398.yaml - data/reports/GO-2022-0405.yaml - data/reports/GO-2022-0406.yaml Updates #367 Updates #368 Updates #369 Updates #372 Updates #374 Updates #375 Updates #377 Updates #378 Updates #381 Updates #387 Updates #388 Updates #389 Updates #390 Updates #392 Updates #393 Updates #395 Updates #396 Updates #398 Updates #405 Updates #406 Change-Id: I001f245aa4d9225668c2b30e3d5b4ca7a7e9b3b3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607217 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

julieqiu assigned rolandshoemaker Apr 4, 2022

julieqiu unassigned rolandshoemaker Jun 15, 2022

neild closed this as completed Jul 8, 2022

neild self-assigned this Jul 8, 2022

neild added the NotGoVuln label Jul 8, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 11, 2022

GoVulnBot mentioned this issue Mar 13, 2023

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: CVE-2023-27582 #1630

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-m6m5-pp4g-fcc8 #374

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-m6m5-pp4g-fcc8 #374

GoVulnBot commented Mar 24, 2022

neild commented Jul 8, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-m6m5-pp4g-fcc8 #374

x/vulndb: potential Go vuln in github.com/foxcpp/maddy: GHSA-m6m5-pp4g-fcc8 #374

Comments

GoVulnBot commented Mar 24, 2022

neild commented Jul 8, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024