Re: CVEs in golang

To: "Dr. Tobias Quathamer" <toddy@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVEs in golang
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 15 Aug 2019 08:36:20 +0200
Message-id: <[🔎] 20190815063620.GA3682@lorien.valinor.li>
Mail-followup-to: "Dr. Tobias Quathamer" <toddy@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 29ad2e36-4f18-7e9b-8f38-bca0d3f7e8f5@debian.org>
References: <[🔎] 29ad2e36-4f18-7e9b-8f38-bca0d3f7e8f5@debian.org>

Hi Tobias,

On Wed, Aug 14, 2019 at 09:40:54PM +0200, Dr. Tobias Quathamer wrote:
> Hi,
> 
> there are a couple of CVEs in golang:
> 
> CVE-2019-14809: net/url: URL.Parse Multiple Parsing Issues
> Issue: https://github.com/golang/go/issues/29098
> 
> Fixed for golang-1.11:
> https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc
> 
> Fixed for golang-1.12:
> https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713
> 
> 
> CVE-2019-9512, CVE-2019-9514
> net/http, x/net/http2: Denial of Service vulnerabilities in the HTTP/2
> implementation
> Issue: https://github.com/golang/go/issues/33606
> 
> Fixed for golang-1.11:
> https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2
> 
> Fixed for golang-1.12:
> https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c

Thanks for your heads-up, I have added entries to track those. 

Regards,
Salvatore

Reply to:

References:
- CVEs in golang
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: CVEs in golang
Next by thread: CVE-2017-17518
Index(es):
- Date
- Thread