Hi Tobias, On Wed, Aug 14, 2019 at 09:40:54PM +0200, Dr. Tobias Quathamer wrote: > Hi, > > there are a couple of CVEs in golang: > > CVE-2019-14809: net/url: URL.Parse Multiple Parsing Issues > Issue: https://github.com/golang/go/issues/29098 > > Fixed for golang-1.11: > https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc > > Fixed for golang-1.12: > https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 > > > CVE-2019-9512, CVE-2019-9514 > net/http, x/net/http2: Denial of Service vulnerabilities in the HTTP/2 > implementation > Issue: https://github.com/golang/go/issues/33606 > > Fixed for golang-1.11: > https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 > > Fixed for golang-1.12: > https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c
Thanks for your heads-up, I have added entries to track those. Regards, Salvatore
