Back to bug 2196026
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2023-05-07 16:34:14 UTC | Fixed In Version | golang 1.19.9, golang 1.20.4 | |
| Anten Skrabec | 2023-05-07 16:37:11 UTC | Severity | medium | high |
| | | Priority | medium | high |
| Anten Skrabec | 2023-05-07 16:45:02 UTC | Priority | high | medium |
| | | Severity | high | medium |
| Anten Skrabec | 2023-05-08 09:19:18 UTC | CC | amctagga, aoconnor, asm, bniver, bodavis, dbenoit, emachado, flucifre, gmeno, mbenjamin, mhackett, mnewsome, sipoyare, sostapov, tstellar, vereddy | |
| Anten Skrabec | 2023-05-08 09:23:59 UTC | Summary | CVE-2023-24539 html/template: improper sanitization of CSS values | CVE-2023-24539 golang: html/template: improper sanitization of CSS values |
| Anten Skrabec | 2023-05-08 09:24:31 UTC | CC | abishop, ansmith, aveerama, bbaude, bbuckingham, bcourt, chazlett, cwelton, davidn, dcadzow, debarshir, desktop-qa-list, dkenigsb, dwalsh, eglynn, ehelms, ellin, epacific, fdeutsch, grafana-maint, jcammara, jhardy, jjoyce, jkurik, jligon, jneedle, jnovy, jobarker, joelsmith, jsherril, lhh, lsm5, lzap, mabashia, mboddu, mburns, mcressma, mgarciac, mheon, mhulan, mokumar, myarboro, nathans, nbecker, nmoumoul, ocs-bugs, orabin, oramraz, osapryki, osbuilders, pcreech, pehunt, pjindal, pthomas, rchan, rgarg, rhcos-sst, saroy, scorneli, scox, sgott, shbose, simaishi, smcdonal, smullick, spower, teagle, tsweeney, ubhargav, umohnani, yguenane, zsadeh | |
| Anten Skrabec | 2023-05-08 09:24:49 UTC | CC | amasferr, bdettelb, dsimansk, dymurray, gparvin, ibolton, jcantril, jkoehler, jmatthew, jmontleo, lball, matzew, mkudlej, mrajanna, mwringe, nboldt, njean, owatkins, pahickey, periklis, rhos-maint, rhuss, rjohnson, rrajasek, skontopo, slucidi, sseago, stcannon, tjochec, whayutin | |
| Anten Skrabec | 2023-05-08 09:25:13 UTC | CC | jwendell, rcernich, twalsh | |
| RaTasha Tillery-Smith | 2023-05-08 12:52:21 UTC | Doc Text | Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted input. |
| | | CC | adudiak, kshier, tfister | |
| Anten Skrabec | 2023-05-09 09:56:28 UTC | Depends On | 2196470, 2196471 | |
| Anten Skrabec | 2023-05-09 10:18:21 UTC | Depends On | 2196482, 2196485, 2196487, 2196488, 2196491, 2196483, 2196481, 2196492, 2196490, 2196484, 2196486, 2196489 | |
| Borja Tarraso | 2023-05-09 12:53:25 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| TEJ RATHI | 2023-05-11 15:05:31 UTC | CC | aveerama, bbaude, debarshir, desktop-qa-list, dwalsh, ellin, grafana-maint, jkurik, jligon, jnovy, lsm5, mboddu, mheon, nathans, nboldt, osbuilders, pehunt, pthomas, rgarg, rhcos-sst, scorneli, scox, shbose, tsweeney, ubhargav, umohnani | |
| TEJ RATHI | 2023-05-11 15:06:02 UTC | CC | aveerama, bbaude, debarshir, desktop-qa-list, dwalsh, ellin, grafana-maint, jkurik, jligon, jnovy, lsm5, mboddu, mheon, nathans, osbuilders, pehunt, pthomas, rgarg, rhcos-sst, scorneli, scox, shbose, tsweeney, ubhargav, umohnani | |
| TEJ RATHI | 2023-05-11 15:06:31 UTC | CC | nboldt | |
| Anten Skrabec | 2023-05-11 15:25:17 UTC | Depends On | 2203234 | |
| TEJ RATHI | 2023-05-11 16:12:52 UTC | Depends On | 2203249, 2203251, 2203250 | |
| Red Hat Bugzilla | 2023-05-15 18:03:48 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:50:55 UTC | CC | dcadzow | |
| TEJ RATHI | 2023-05-16 07:36:21 UTC | Depends On | 2207503, 2207502, 2207505, 2207515, 2207510, 2207509, 2207512, 2207514, 2207511, 2207506, 2207508, 2207504, 2207507, 2207513 | |
| TEJ RATHI | 2023-05-16 07:46:36 UTC | Depends On | 2207519, 2207522, 2207518, 2207521, 2207523, 2207520 | |
| Red Hat Bugzilla | 2023-05-16 09:27:26 UTC | CC | mokumar | |
| Marco Benatto | 2023-05-16 20:53:48 UTC | CC | dperaza, dshah, jchui, tkral | |
| errata-xmlrpc | 2023-05-25 12:26:09 UTC | Link ID | Red Hat Product Errata RHSA-2023:3323 | |
| errata-xmlrpc | 2023-05-31 19:38:19 UTC | Link ID | Red Hat Product Errata RHSA-2023:3415 | |
| Red Hat Bugzilla | 2023-05-31 23:37:29 UTC | CC | mrajanna | |
| errata-xmlrpc | 2023-06-05 09:29:05 UTC | Link ID | Red Hat Product Errata RHSA-2023:3435 | |
| errata-xmlrpc | 2023-06-05 14:08:23 UTC | Link ID | Red Hat Product Errata RHSA-2023:3445 | |
| errata-xmlrpc | 2023-06-07 01:51:04 UTC | Link ID | Red Hat Product Errata RHSA-2023:3367 | |
| errata-xmlrpc | 2023-06-13 15:32:38 UTC | Link ID | Red Hat Product Errata RHSA-2023:3540 | |
| Red Hat Bugzilla | 2023-06-14 21:29:43 UTC | CC | mcressma | |
| errata-xmlrpc | 2023-06-28 15:43:03 UTC | Link ID | Red Hat Product Errata RHSA-2023:3905 | |
| errata-xmlrpc | 2023-06-29 00:59:28 UTC | Link ID | Red Hat Product Errata RHSA-2023:3918 | |
| Joel Smith | 2023-06-29 21:46:27 UTC | Doc Type | --- | If docs needed, set a value |
| | | CC | joelsmith | |
| Paige Jung | 2023-06-29 21:58:38 UTC | Doc Text | A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for the injection of unexpected HTML if executed with untrusted input. | A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if executed with untrusted input. |
| Red Hat Bugzilla | 2023-07-07 08:34:39 UTC | Assignee | security-response-team | nobody |
| Carlos O'Donell | 2023-07-09 12:57:33 UTC | CC | mnewsome | |
| errata-xmlrpc | 2023-07-10 08:51:40 UTC | Link ID | Red Hat Product Errata RHSA-2023:4003 | |
| Debarshi Ray | 2023-07-10 15:28:52 UTC | Flags | needinfo?(askrabec) | |
| Anten Skrabec | 2023-07-10 16:57:56 UTC | CC | trathi | |
| | | Flags | needinfo?(trathi) | |
| Anten Skrabec | 2023-07-10 16:58:28 UTC | Flags | needinfo?(askrabec) | |
| TEJ RATHI | 2023-07-11 04:04:51 UTC | CC | nmontero | |
| TEJ RATHI | 2023-07-11 04:06:04 UTC | Flags | needinfo?(trathi) | |
| TEJ RATHI | 2023-07-11 04:06:42 UTC | CC | dcadzow, dhughes, joelsmith, mcressma, mnewsome, nobody, pgrist | |
| TEJ RATHI | 2023-07-11 04:08:45 UTC | Depends On | 2221850 | |
| Debarshi Ray | 2023-07-11 18:57:50 UTC | Flags | needinfo?(trathi) | |
| TEJ RATHI | 2023-07-12 05:01:29 UTC | Flags | needinfo?(trathi) | |
| Chess Hazlett | 2023-07-17 19:04:30 UTC | CC | ataylor, jross, rkieley | |
| errata-xmlrpc | 2023-07-20 17:29:01 UTC | Link ID | Red Hat Product Errata RHSA-2023:4093 | |
| errata-xmlrpc | 2023-07-27 01:14:05 UTC | Link ID | Red Hat Product Errata RHSA-2023:4293 | |
| Red Hat Bugzilla | 2023-08-03 08:30:19 UTC | CC | ocs-bugs | |
| errata-xmlrpc | 2023-08-03 14:12:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:4470 | |
| errata-xmlrpc | 2023-08-03 15:51:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:4472 | |
| errata-xmlrpc | 2023-08-08 00:36:39 UTC | Link ID | Red Hat Product Errata RHSA-2023:4335 | |
| errata-xmlrpc | 2023-08-08 11:30:19 UTC | Link ID | Red Hat Product Errata RHSA-2023:4459 | |
| errata-xmlrpc | 2023-08-14 01:02:58 UTC | Link ID | Red Hat Product Errata RHSA-2023:4627 | |
| errata-xmlrpc | 2023-08-16 14:09:49 UTC | Link ID | Red Hat Product Errata RHSA-2023:4664 |