-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4534-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2019 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : golang-1.11 CVE ID : CVE-2019-16276 It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups. For the stable distribution (buster), this problem has been fixed in version 1.11.6-1+deb10u2. We recommend that you upgrade your golang-1.11 packages. For the detailed security status of golang-1.11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/golang-1.11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2OcbwACgkQEMKTtsN8 TjZIGw//dv4qLKkU85Mih4nGiGln5gAqEilleYttLbYsgEPpEuaHLEDy0cwOPnW8 HLsgzTUHty3eJ6qAe0hf84xfDWwv2xrKUT/LZd66qUjlam9OzvXrjW/+gp22Vi+Q dOE16y918WbHSbAmfCq865FXHDhBZzj1ixw8cDOgwpDMmBdhjRUP2rkS5Su4+prw +2QPPs677awRQvwCcSaAQV5qrYUH+XpOmIAfIqND7NiSkf3l/w/5GUj1FUx/MnCw xwKiaA06VAO5ky2eqWgJ9ToSzgIyqHeeU7DbxFH34TSXdsU84SPWUOGLpySc23Yp OJ6GAx74tAoWsEx20YYEHj3n3bveHA0NPGVpzTYV9WdS/YUg0mWMjXSWZraogkQB 2d534WOkJwcRecT4fp/g2POod6+8V54y2tHmlLofjbHnjfQ/p9WAlL3kxX7/bKaH rh1GvjZO8Cplj0CAFnn+NrDnJHMbzR8WzQ61SjW0kZ1TqebDvuWDig2ixJpDelpM jk5OwZtS+PO2pZiVtdQlIh8LaIY1n7d39R8nQX9GN7Lzg883FefOd2KamPuSx4dK /Qnj7AX9Gt8z3M+K2xJQ90WhCUTBD7EBznlRYthi9d0+DqaEFLuOCdYqgxTPcqyw 5xXK/ZKCsiRXfDQRu7bPErecQ4zUoNHnr2NPuthzbPcKMcsrGk8= =I2Ah -----END PGP SIGNATURE-----
