x/net: vuln: CVE-2023-39325, CVE-2023-39326, and CVE-2023-44487 #74567

Closed as not planned
@pcreager23

Description

govulncheck version

Devs, I'm dealing with a corporate vulnerability scanning tool, and trying to determine the specific version(s) of golang.org/x/net that fix these issues:
CVE-2023-39326
CVE-2023-44487

I already found that CVE-2023-39325 was fixed in x/net v0.17.0 per commit # b225e7c, but cannot find same for the two above. Any help?

(All three vulns pertain to http/2, so I presume all would be fixed in x/net.)

Does this issue reproduce at the latest version of golang.org/x/vuln?

N/A

Output of go env in your module/workspace:

(I don't have access to this info.)

What did you do?

Dealing with Anchore container scans, which is flagging our version of conmon.

What did you see happen?

Anchore flags conmon with these three vulns.

What did you expect to see?

We are patched for CVE-2023-39325 since our conmon is built using golang.org/x/net v0.19.0.

Looking for same level of detail (the specific commit) for these two:
CVE-2023-39326
CVE-2023-44487

Labels: vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo)
