Am 26.09.19 um 12:09 schrieb Dr. Tobias Quathamer: > Hi, > > there is another CVE in golang: > > CVE-2019-16276 > net/textproto: don't normalize headers with spaces before the colon. > https://github.com/golang/go/issues/34541 > > This has been fixed in the latest uploads of golang: > > golang-1.12: 1.12.10-1 > golang-1.13: 1.13.1-1 ... oh, and some more information: Debian bug #941173 golang-1.12: https://github.com/golang/go/issues/34541 https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 golang-1.13: https://github.com/golang/go/issues/34542 https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c Regards, Tobias
Attachment:
signature.asc
Description: OpenPGP digital signature