Re: golang-1.7 / CVE-2019-9514 / CVE-2019-9512
Brian May <bam@debian.org> writes:
> Anyway, as this was marked as minor for golang-1.7 in Stretch, probably
> also should be marked as minor for golang-golang-x-net-dev also...
According to https://security-tracker.debian.org/tracker/CVE-2019-9512,
golang-golang-x-net-dev is a source package that is vulnerable.
But golang-golang-x-net-dev is not a source package. In fact
https://packages.debian.org/search?searchon=sourcenames&keywords=golang-golang-x-crypto-dev
returns 0 results.
golang-golang-x-net-dev is a binary package. The source package is
called golang-go.crypto. This had really confusing me for a while.
--
Brian May <bam@debian.org>
Reply to: