Hello community, here is the log from the commit of package go1.11 for openSUSE:Factory checked in at 2019-08-22 10:51:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.11 (Old) and /work/SRC/openSUSE:Factory/.go1.11.new.22127 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.11" Thu Aug 22 10:51:15 2019 rev:15 rq:724682 version:1.11.13 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.11/go1.11.changes 2019-08-15 12:27:46.246570711 +0200 +++ /work/SRC/openSUSE:Factory/.go1.11.new.22127/go1.11.changes 2019-08-22 10:51:18.413708465 +0200 @@ -5 +5 @@ - net/http and net/url packages addressing: + net/http and net/url packages addressing CVEs: @@ -7,0 +8,3 @@ + * bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth + * bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service + * bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
