Re: CVEs in golang
Hi Tobias,
On Wed, Aug 14, 2019 at 09:40:54PM +0200, Dr. Tobias Quathamer wrote:
> Hi,
>
> there are a couple of CVEs in golang:
>
> CVE-2019-14809: net/url: URL.Parse Multiple Parsing Issues
> Issue: https://github.com/golang/go/issues/29098
>
> Fixed for golang-1.11:
> https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc
>
> Fixed for golang-1.12:
> https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713
>
>
> CVE-2019-9512, CVE-2019-9514
> net/http, x/net/http2: Denial of Service vulnerabilities in the HTTP/2
> implementation
> Issue: https://github.com/golang/go/issues/33606
>
> Fixed for golang-1.11:
> https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2
>
> Fixed for golang-1.12:
> https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c
Thanks for your heads-up, I have added entries to track those.
Regards,
Salvatore
Reply to: