[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#991961: golang-1.15: CVE-2021-36221



Hi,

On Sat, Aug 7, 2021 at 1:51 AM Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Source: golang-1.15
> Version: 1.15.9-6
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/golang/go/issues/46866
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for golang-1.15.
>
> CVE-2021-36221[0]:
> | net/http: panic due to racy read of persistConn after handler panic
>

The issue looks minor(upstream disclose it without pre-announce).
Should we fix it before the bullseye release?
Fixing issues in the compiler's std library needs to rebuild the whole
world, see #990825

Or we just postpone later, or just fix the compiler package along?

-- 
Shengjing Zhu


Reply to: