CVEs in golang

To: debian-security-tracker@lists.debian.org
Subject: CVEs in golang
From: "Dr. Tobias Quathamer" <toddy@debian.org>
Date: Wed, 14 Aug 2019 21:40:54 +0200
Message-id: <[🔎] 29ad2e36-4f18-7e9b-8f38-bca0d3f7e8f5@debian.org>

Hi,

there are a couple of CVEs in golang:

CVE-2019-14809: net/url: URL.Parse Multiple Parsing Issues
Issue: https://github.com/golang/go/issues/29098

Fixed for golang-1.11:
https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc

Fixed for golang-1.12:
https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713


CVE-2019-9512, CVE-2019-9514
net/http, x/net/http2: Denial of Service vulnerabilities in the HTTP/2
implementation
Issue: https://github.com/golang/go/issues/33606

Fixed for golang-1.11:
https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2

Fixed for golang-1.12:
https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c


Regards,
Tobias

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVEs in golang
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: Bug#908678: Update on the security-tracker git discussion
Next by thread: Re: CVEs in golang
Index(es):
- Date
- Thread