[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1749-1] golang security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : golang
Version        : 2:1.3.3-1+deb8u2
CVE ID         : CVE-2019-9741
Debian Bug     : #924630

It was discovered that there was a CRLF injection attack in the Go
programming language runtime library.

Passing \r\n to http.NewRequest could allow execution of arbitrary
HTTP headers or Redis commands.

For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u2.

We recommend that you upgrade your golang packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlykzZkACgkQHpU+J9Qx
HlhZ+g/9GnmPttq9BVBNbk47C+KnvCeaN9QOIruTGy8fznTK9DpI1Gr02K9DuUPY
VdLieZ9oPdjWTGQFpzx8S/2xH6aFmIiJxJZ7AsVWk0omt82RjMvjoikac4u2RTIM
AoxpHjeVE/hrKwsYoTO0Cdn/Y7KdAVMS/OtxkkUnuq4Z6uiLrbaDRR9s5seIZh7t
nS0QJMfej1ZnJsdVml7dRi5IQAqQ26cWK56w4Rk/KmcFLHGv6p1Jnlt1oxlS53te
fpzWrNNeghJ5mqk+qatt4NjM53T6IKuahMmgOW5/1721KJ5QaC3ssgB9CQOr6w4F
G1oFM1WyYz7C/nTnrdyf4eElopJQBjNBFLPhBNov//lXYwWqTvPZkf+497jFkOwj
fs4V06I2sU0XTFkgfs0fVyILNrTXB3GiqkutB+8KLXloaSEtlJIXudxFDsfIKM0I
a8GHwt4b9ZtYxQXP54ELTDlXy0qOzjL15YszzeYeJKGoJaS+VoubDJCvUbQaT9oA
gh+3/qBgU27TX9Cwq/0d0mfM+pgMBXkuYDIZph7lXnFLx63w/CMx5p1D/i+espwe
e/yMczhuMvsvO8xee5lzEidVwWaMZv9ZEJrq9s46Ns1FgrSbF059h2wQTNmgNxgr
uQlIs3s/A8INp09YwTONPBJhvo3KOOVvcxJsruggI3MAvOVCFiM=
=3CSu
-----END PGP SIGNATURE-----
Reply to: