Re: CVE in golang

To: "Dr. Tobias Quathamer" <toddy@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE in golang
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 26 Sep 2019 12:40:01 +0200
Message-id: <[🔎] 20190926104001.GA15259@lorien.valinor.li>
Mail-followup-to: "Dr. Tobias Quathamer" <toddy@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 426be4a4-af90-24ef-7444-ce9a469993a1@debian.org>
References: <[🔎] 443297a5-e110-2550-6f28-cdeecddacfb2@debian.org> <[🔎] 426be4a4-af90-24ef-7444-ce9a469993a1@debian.org>

Hi,

On Thu, Sep 26, 2019 at 12:27:37PM +0200, Dr. Tobias Quathamer wrote:
> Am 26.09.19 um 12:09 schrieb Dr. Tobias Quathamer:
> > Hi,
> > 
> > there is another CVE in golang:
> > 
> > CVE-2019-16276
> > net/textproto: don't normalize headers with spaces before the colon.
> > https://github.com/golang/go/issues/34541
> > 
> > This has been fixed in the latest uploads of golang:
> > 
> > golang-1.12: 1.12.10-1
> > golang-1.13: 1.13.1-1
> 
> ... oh, and some more information:
> 
> Debian bug #941173
> 
> golang-1.12:
> https://github.com/golang/go/issues/34541
> https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8
> 
> golang-1.13:
> https://github.com/golang/go/issues/34542
> https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c

Thanks!

Regards,
Salvatore

Reply to:

References:
- CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>
- Re: CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: Re: CVE in golang
Next by Date: External check
Previous by thread: Re: CVE in golang
Index(es):
- Date
- Thread