Re: CVE in golang
Hi,
On Thu, Sep 26, 2019 at 12:27:37PM +0200, Dr. Tobias Quathamer wrote:
> Am 26.09.19 um 12:09 schrieb Dr. Tobias Quathamer:
> > Hi,
> >
> > there is another CVE in golang:
> >
> > CVE-2019-16276
> > net/textproto: don't normalize headers with spaces before the colon.
> > https://github.com/golang/go/issues/34541
> >
> > This has been fixed in the latest uploads of golang:
> >
> > golang-1.12: 1.12.10-1
> > golang-1.13: 1.13.1-1
>
> ... oh, and some more information:
>
> Debian bug #941173
>
> golang-1.12:
> https://github.com/golang/go/issues/34541
> https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8
>
> golang-1.13:
> https://github.com/golang/go/issues/34542
> https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c
Thanks!
Regards,
Salvatore
Reply to: