Hi, On Sat, Aug 7, 2021 at 1:51 AM Salvatore Bonaccorso <[email protected]> wrote: > > Source: golang-1.15 > Version: 1.15.9-6 > Severity: important > Tags: security upstream > Forwarded: https://github.com/golang/go/issues/46866 > X-Debbugs-Cc: [email protected], Debian Security Team > <[email protected]> > > Hi, > > The following vulnerability was published for golang-1.15. > > CVE-2021-36221[0]: > | net/http: panic due to racy read of persistConn after handler panic >
The issue looks minor(upstream disclose it without pre-announce). Should we fix it before the bullseye release? Fixing issues in the compiler's std library needs to rebuild the whole world, see #990825 Or we just postpone later, or just fix the compiler package along? -- Shengjing Zhu
