[SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 28 Aug 2025 17:51:13 +0000 (UTC)
Message-id: <[🔎] fbc644c-5620-3e3e-547a-d52778d74823@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4285-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 28, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : golang-github-gin-contrib-cors
Version        : 1.3.1-1+deb11u1
CVE ID         : CVE-2019-25211

An issue has been found in golang-github-gin-contrib-cors, a Ginmiddleware/handler to enable CORS support. The issue is related toimproper wildcard handling and an attacker might be able to circumventrestrictions.



For Debian 11 bullseye, this problem has been fixed in version
1.3.1-1+deb11u1.

We recommend that you upgrade your golang-github-gin-contrib-corspackages.

For the detailed security status of golang-github-gin-contrib-cors pleaserefer to

its security tracker page at:
https://security-tracker.debian.org/tracker/golang-github-gin-contrib-cors

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmiwlxFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdbPxAAnT0RCAf8CnlzkIhrOP2HOIQCqOhpUE/pB+k+alkX90un5xIgqNlwxJ0W
1dgNfmBttayyvZ67WMLgQ2QB2ioGZxidMjgcedPxmAIsMOO4hAMKO7dUehOSCREg
YqGxHnATq4RxZXbJQbb0k8Ie/Mzp8lDA64U+TrrPo84Yk2eYYb1m9bZk6wN4QGcV
cV4z2BOmFoI6PlZF0tECz0WMr+6aBXwF7Wp8vEA6e+ZI8LRasA9UiYU4Qhx8+pmg
J2Zz+hgHybiXAvvFV8wacqWJtan/qEUjqDDp22D7o9UCK682j2L/b+7D3JE174xk
nTlmtMeC8Jqe3LW+xVtR2hwMbKS4Pxfuhe/7P71QR8rYXHBnJY6aYSKe/h3TScSv
HPIiIBahAXD2pczOAHqv4HlxY2aXh/LT1kJkPHXZg2RofrkFaNOmeKAAQteKLDos
MMG9m/vpBf1LC+zzJ9tc9+AqmhFkqBuRrCuLuCLTEfeOTna5qaz4CE3sa+/843PW
UAmQO72wakxo+CEr3wbFeeRpfT+Ko0QrvG65LPX9tJpUkJgKARekJUgh8wArzkMD
GY6+f/qG+Qb7vfoJ+6MQyEaxwwV4GKnNVU19x/2x4KeZCgNiNYy1bWoOJpN5Get+
GsC/87vhQ4kW/OB4pohGzRK/cVyJqP4+Vzxva97xvgiyKmgRYmY=
=NCyh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4284-1] udisks2 security update
Next by Date: [SECURITY] [DLA 4274-2] mbedtls security update
Previous by thread: [SECURITY] [DLA 4284-1] udisks2 security update
Next by thread: [SECURITY] [DLA 4274-2] mbedtls security update
Index(es):
- Date
- Thread