-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : golang Version : 2:1.3.3-1+deb8u2 CVE ID : CVE-2019-9741 Debian Bug : #924630
It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For Debian 8 "Jessie", this issue has been fixed in golang version 2:1.3.3-1+deb8u2. We recommend that you upgrade your golang packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlykzZkACgkQHpU+J9Qx HlhZ+g/9GnmPttq9BVBNbk47C+KnvCeaN9QOIruTGy8fznTK9DpI1Gr02K9DuUPY VdLieZ9oPdjWTGQFpzx8S/2xH6aFmIiJxJZ7AsVWk0omt82RjMvjoikac4u2RTIM AoxpHjeVE/hrKwsYoTO0Cdn/Y7KdAVMS/OtxkkUnuq4Z6uiLrbaDRR9s5seIZh7t nS0QJMfej1ZnJsdVml7dRi5IQAqQ26cWK56w4Rk/KmcFLHGv6p1Jnlt1oxlS53te fpzWrNNeghJ5mqk+qatt4NjM53T6IKuahMmgOW5/1721KJ5QaC3ssgB9CQOr6w4F G1oFM1WyYz7C/nTnrdyf4eElopJQBjNBFLPhBNov//lXYwWqTvPZkf+497jFkOwj fs4V06I2sU0XTFkgfs0fVyILNrTXB3GiqkutB+8KLXloaSEtlJIXudxFDsfIKM0I a8GHwt4b9ZtYxQXP54ELTDlXy0qOzjL15YszzeYeJKGoJaS+VoubDJCvUbQaT9oA gh+3/qBgU27TX9Cwq/0d0mfM+pgMBXkuYDIZph7lXnFLx63w/CMx5p1D/i+espwe e/yMczhuMvsvO8xee5lzEidVwWaMZv9ZEJrq9s46Ns1FgrSbF059h2wQTNmgNxgr uQlIs3s/A8INp09YwTONPBJhvo3KOOVvcxJsruggI3MAvOVCFiM= =3CSu -----END PGP SIGNATURE-----