Re: CVE in golang

To: "Dr. Tobias Quathamer" <toddy@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE in golang
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 31 Jan 2020 22:31:31 +0100
Message-id: <[🔎] 20200131213131.GA1013366@eldamar.local>
Mail-followup-to: "Dr. Tobias Quathamer" <toddy@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 45836d08-f5f5-8084-4825-a96ef911c75d@debian.org>
References: <[🔎] 45836d08-f5f5-8084-4825-a96ef911c75d@debian.org>

Hi Tobias,

On Fri, Jan 31, 2020 at 10:07:34PM +0100, Dr. Tobias Quathamer wrote:
> Dear security team,
> 
> after some quiet months, it's time again for a
> security issue in golang :-)
> 
> CVE-2020-7919
> crypto/x509, x/crypto/cryptobyte: panic in certificate parsing
> Issue: https://github.com/golang/go/issues/36838
> 
> I've already uploaded a fixed version (golang-1.13) to unstable and am
> investigating the golang-1.11 version in stable.

Thanks, I just have added a tracking item in the security-tracker for
CVE-2020-7919.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

References:
- CVE in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: CVE in golang
Next by Date: Re: CVE in golang
Previous by thread: CVE in golang
Next by thread: Re: CVE in golang
Index(es):
- Date
- Thread