[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
This bug was fixed in the package golang-1.14 - 1.14.7-2ubuntu2 --- golang-1.14 (1.14.7-2ubuntu2) hirsute; urgency=medium * SECURITY UPDATE: XSS (LP: #1914372) - debian/patches/CVE-2020-24553.patch: Add Content-Type detection in net/http/cgi and net/http/fcgi. - CVE-2020-24553 -- Dariusz Gadomski Wed, 03 Feb 2021 09:44:21 +0100 ** Changed in: golang-1.14 (Ubuntu Hirsute) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
** Changed in: golang-1.14 (Ubuntu Hirsute) Importance: High => Low ** Changed in: golang-1.15 (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
This bug was fixed in the package golang-1.14 - 1.14.7-2ubuntu1.1 --- golang-1.14 (1.14.7-2ubuntu1.1) groovy-security; urgency=medium * SECURITY UPDATE: XSS (LP: #1914372) - debian/patches/CVE-2020-24553.patch: Add Content-Type detection in net/http/cgi and net/http/fcgi. - CVE-2020-24553 -- Dariusz Gadomski Wed, 03 Feb 2021 09:59:58 +0100 ** Changed in: golang-1.14 (Ubuntu Groovy) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
This bug was fixed in the package golang-1.14 - 1.14.3-2ubuntu2~20.04.2 --- golang-1.14 (1.14.3-2ubuntu2~20.04.2) focal-security; urgency=medium * SECURITY UPDATE: XSS (LP: #1914372) - debian/patches/CVE-2020-24553.patch: Add Content-Type detection in net/http/cgi and net/http/fcgi. - CVE-2020-24553 -- Dariusz Gadomski Wed, 03 Feb 2021 10:03:32 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
This bug was fixed in the package golang-1.10 - 1.10.4-2ubuntu1~16.04.2 --- golang-1.10 (1.10.4-2ubuntu1~16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: XSS (LP: #1914372) - debian/patches/CVE-2020-24553.patch: Add Content-Type detection in net/http/cgi and net/http/fcgi. - CVE-2020-24553 -- Dariusz Gadomski Wed, 03 Feb 2021 10:11:12 +0100 ** Changed in: golang-1.14 (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
This bug was fixed in the package golang-1.10 - 1.10.4-2ubuntu1~18.04.2 --- golang-1.10 (1.10.4-2ubuntu1~18.04.2) bionic-security; urgency=medium * SECURITY UPDATE: XSS (LP: #1914372) - debian/patches/CVE-2020-24553.patch: Add Content-Type detection in net/http/cgi and net/http/fcgi. - CVE-2020-24553 -- Dariusz Gadomski Wed, 03 Feb 2021 08:42:42 +0100 ** Changed in: golang-1.10 (Ubuntu Bionic) Status: In Progress => Fix Released ** Changed in: golang-1.10 (Ubuntu Xenial) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Thank you so much Dariusz! All the smoke tests look good as well so it's ready to push out Monday. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
I have just repeated the testing procedure for golang-1.14 on Focal, Groovy and Hirsute. The test results look correct and consistent with what is expected according to the test case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Thank you Avital. I have just tested golang-1.10 for Xenial and Bionic and the behavior is exactly as expected for a fixed version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
The patched update is now uploaded to the security proposed PPA here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ (Hirsute is still building ATM) If anyone has the time to help test any of the packages before they're uploaded to the archive, it would be appreciated :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Bionic patch with corrected versioning (and matryoshka_test.go fixed) ** Patch added: "bionic_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5464431/+files/bionic_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Xenial patch (with matryoshka_test.go fixed). ** Patch added: "xenial_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5464430/+files/xenial_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Thanks for looking at it. I've checked matryoshka_test.go and looks like it was expecting the old default Content-Type: text/html, while after applying the patch the new default is text/plain. I've updated the debdiffs and will upload them shortly (for x and b). ** Patch removed: "xenial_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5459328/+files/xenial_golang-1.10.debdiff ** Patch removed: "bionic_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5459326/+files/bionic_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Thank you for the debdiffs, all the golang-1.14 diffs built without issue. Both the patched golang-1.10 builds failed due to matryoshka_test.go, which is no longer present in golang-1.14: 2021/02/10 01:34:37 cgi: copy error: write tcp 127.0.0.1:39673->127.0.0.1:41144: write: broken pipe --- FAIL: TestHostingOurselves (0.01s) matryoshka_test.go:56: got a Content-Type of "text/plain; charset=utf-8"; expected "text/html; charset=utf-8" 2021/02/10 01:34:37 cgi: copy error: past write limit 2021/02/10 01:34:37 cgi: no headers 2021/02/10 01:34:37 cgi: missing required Content-Type in headers 2021/02/10 01:34:37 cgi: no headers I'll be taking a closer look tomorrow but if you have any insights, please let me know. Other than that, I just updated the changelogs to match the security update template https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging and will be setting the bionic version to 1.10.4-2ubuntu1~18.04.2 instead of 1.10.4-2ubuntu2~18.04.2 Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
** Description changed: [Impact] Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. [Test Case] Described as POC at https://www.redteam-pentesting.de/en/advisories/rt- sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may- lead-to-cross-site-scripting: 1. Use the snippet of CGI go code provided and run it: go run poc.go 2. Run nginx with the config provided to forward the FastCGI calls to the go program. 3. curl -i -o - http://localhost:8000 4. Observe the output. In an affected golang build the output will say: Content-Type: text/html (...) while in the fixed version it should recognize the content type correctly as: Content-Type: image/png [Where problems could occur] * It may affect deployments where go apps are used as CGI scripts - if the setup was incorrectly relying on hard-coded content type it may require fixing it. [Other Info] + * It has been specifically backported upstream in release 1.14 series: + https://go.googlesource.com/go/+/8fcee8abbea1bb959c63a6944f9ddf490a97f802 + + $ git tag --contains 8fcee8abbe + go1.14.10 + go1.14.11 + go1.14.12 + go1.14.13 + go1.14.14 + go1.14.15 + go1.14.8 + go1.14.9 + + * The fix is present in golang-1.15 for hirsute and groovy. ** Also affects: golang-1.15 (Ubuntu) Importance: Undecided Status: New ** Changed in: golang-1.15 (Ubuntu) Status: New => Fix Released ** Changed in: golang-1.14 (Ubuntu Hirsute) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: golang-1.14 (Ubuntu Groovy) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: golang-1.14 (Ubuntu Focal) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: golang-1.10 (Ubuntu Bionic) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: golang-1.10 (Ubuntu Xenial) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: golang-1.14 (Ubuntu Hirsute) Status: New => In Progress ** Changed in: golang-1.14 (Ubuntu Groovy) Status: New => In Progress ** Changed in: golang-1.14 (Ubuntu Focal) Status: New => In Progress ** Changed in: golang-1.10 (Ubuntu Xenial) Status: New => In Progress ** Changed in: golang-1.10 (Ubuntu Bionic) Status: New => In Progress ** Description changed: [Impact] Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. [Test Case] Described as POC at https://www.redteam-pentesting.de/en/advisories/rt- sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may- lead-to-cross-site-scripting: 1. Use the snippet of CGI go code provided and run it: go run poc.go 2. Run nginx with the config provided to forward the FastCGI calls to the go program. 3. curl -i -o - http://localhost:8000 4. Observe the output. In an affected golang build the output will say: Content-Type: text/html (...) while in the fixed version it should recognize the content type correctly as: Content-Type: image/png [Where problems could occur] * It may affect deployments where go apps are used as CGI scripts - if the setup was incorrectly relying on hard-coded content type it may require fixing it. [Other Info] - * It has been specifically backported upstream in release 1.14 series: + * It has been specifically backported upstream in release 1.14 series (Starting w/ 1.14.8) as follows: https://go.googlesource.com/go/+/8fcee8abbea1bb959c63a6944f9ddf490a97f802 $ git tag --contains 8fcee8abbe go1.14.10 go1.14.11 go1.14.12 go1.14.13 go1.14.14 go1.14.15 go1.14.8 go1.14.9 - * The fix is present in golang-1.15 for hirsute and groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
** No longer affects: golang-1.14 (Ubuntu Xenial) ** No longer affects: golang-1.14 (Ubuntu Bionic) ** No longer affects: golang-1.10 (Ubuntu) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24553 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
** Description changed: [Impact] - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html + Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. [Test Case] - Described as POC at https://www.redteam-pentesting.de/en/advisories/rt- + Described as POC at https://www.redteam-pentesting.de/en/advisories/rt- sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may- lead-to-cross-site-scripting: - 1. Use the snippet of CGI go code provided and run it: go run poc.go - 2. Run nginx with the config provided to forward the FastCGI calls to the go program. - 3. curl -i -o - http://localhost:8000 - 4. Observe the output. + 1. Use the snippet of CGI go code provided and run it: go run poc.go + 2. Run nginx with the config provided to forward the FastCGI calls to the go program. + 3. curl -i -o - http://localhost:8000 + 4. Observe the output. - In a affected go build the output will say: + In an affected golang build the output will say: Content-Type: text/html (...) while in the fixed version it should recognize the content type correctly as: Content-Type: image/png [Where problems could occur] - * It may affect deployments where go apps are used as CGI scripts - if + * It may affect deployments where go apps are used as CGI scripts - if the setup was incorrectly relying on hard-coded content type it may require fixing it. [Other Info] - - * The fix is present in golang-1.15 for hirsute and groovy. + + * The fix is present in golang-1.15 for hirsute and groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.10 on Xenial. ** Patch added: "xenial_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459328/+files/xenial_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.10 on Bionic. ** Patch added: "bionic_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459326/+files/bionic_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.14 on Focal. ** Patch added: "focal_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459325/+files/focal_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.14 on Groovy. ** Patch added: "groovy_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459324/+files/groovy_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.14 on Groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553
Patch proposal for golang-1.14 for Hirsute ** Patch added: "hirsute_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459322/+files/hirsute_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
