Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512

To: debian-lts@lists.debian.org
Subject: Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512
From: Brian May <bam@debian.org>
Date: Thu, 03 Dec 2020 09:26:01 +1100
Message-id: <[🔎] 87mtyvn8ue.fsf@canidae.wired.pri>
In-reply-to: <87y2ljop3b.fsf@canidae.wired.pri>
References: <87y2ljop3b.fsf@canidae.wired.pri>

Brian May <bam@debian.org> writes:

> Anyway, as this was marked as minor for golang-1.7 in Stretch, probably
> also should be marked as minor for golang-golang-x-net-dev also...

According to https://security-tracker.debian.org/tracker/CVE-2019-9512,
golang-golang-x-net-dev is a source package that is vulnerable.

But golang-golang-x-net-dev is not a source package. In fact

https://packages.debian.org/search?searchon=sourcenames&keywords=golang-golang-x-crypto-dev

returns 0 results.

golang-golang-x-net-dev is a binary package. The source package is
called golang-go.crypto. This had really confusing me for a while.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512
  - From: Brian May <bam@debian.org>

Prev by Date: reverse build depends on stretch
Next by Date: Re: reverse build depends on stretch
Previous by thread: Re: reverse build depends on stretch
Next by thread: Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512
Index(es):
- Date
- Thread