Re: CVE in golang

To: debian-security-tracker@lists.debian.org
Subject: Re: CVE in golang
From: "Dr. Tobias Quathamer" <toddy@debian.org>
Date: Thu, 26 Sep 2019 12:27:37 +0200
Message-id: <[🔎] 426be4a4-af90-24ef-7444-ce9a469993a1@debian.org>
In-reply-to: <[🔎] 443297a5-e110-2550-6f28-cdeecddacfb2@debian.org>
References: <[🔎] 443297a5-e110-2550-6f28-cdeecddacfb2@debian.org>

Am 26.09.19 um 12:09 schrieb Dr. Tobias Quathamer:
> Hi,
> 
> there is another CVE in golang:
> 
> CVE-2019-16276
> net/textproto: don't normalize headers with spaces before the colon.
> https://github.com/golang/go/issues/34541
> 
> This has been fixed in the latest uploads of golang:
> 
> golang-1.12: 1.12.10-1
> golang-1.13: 1.13.1-1

... oh, and some more information:

Debian bug #941173

golang-1.12:
https://github.com/golang/go/issues/34541
https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8

golang-1.13:
https://github.com/golang/go/issues/34542
https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c

Regards,
Tobias

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE in golang
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: CVE in golang
Next by Date: Re: CVE in golang
Previous by thread: CVE in golang
Next by thread: Re: CVE in golang
Index(es):
- Date
- Thread