CVE in golang

To: debian-security-tracker@lists.debian.org
Subject: CVE in golang
From: "Dr. Tobias Quathamer" <toddy@debian.org>
Date: Fri, 31 Jan 2020 22:07:34 +0100
Message-id: <[🔎] 45836d08-f5f5-8084-4825-a96ef911c75d@debian.org>

Dear security team,

after some quiet months, it's time again for a
security issue in golang :-)

CVE-2020-7919
crypto/x509, x/crypto/cryptobyte: panic in certificate parsing
Issue: https://github.com/golang/go/issues/36838

I've already uploaded a fixed version (golang-1.13) to unstable and am
investigating the golang-1.11 version in stable.

Regards,
Tobias

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE in golang
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: Re: CVE in golang
Previous by thread: security-tracker: Current issues with triggers for updating information
Next by thread: Re: CVE in golang
Index(es):
- Date
- Thread