CVE in golang

To: debian-security-tracker@lists.debian.org
Subject: CVE in golang
From: "Dr. Tobias Quathamer" <toddy@debian.org>
Date: Thu, 26 Sep 2019 12:09:51 +0200
Message-id: <[🔎] 443297a5-e110-2550-6f28-cdeecddacfb2@debian.org>

Hi,

there is another CVE in golang:

CVE-2019-16276
net/textproto: don't normalize headers with spaces before the colon.
https://github.com/golang/go/issues/34541

This has been fixed in the latest uploads of golang:

golang-1.12: 1.12.10-1
golang-1.13: 1.13.1-1

For the stable distribution, I'll prepare an upload for golang-1.11 and
will contact the security team to get a permission.

The fixed upload will most likely be version 1.11.6-1+deb10u2.

Regards,
Tobias

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: External check
Next by Date: Re: CVE in golang
Previous by thread: Re: [security@suse.de] request for changing SUSE reference URL
Next by thread: Re: CVE in golang
Index(es):
- Date
- Thread