This bug was fixed in the package golang-1.14 - 1.14.7-2ubuntu2
---
golang-1.14 (1.14.7-2ubuntu2) hirsute; urgency=medium
* SECURITY UPDATE: XSS (LP: #1914372)
- debian/patches/CVE-2020-24553.patch: Add Content-Type detection in
net/http/cgi and net/http/fcgi.
-
This bug was fixed in the package golang-1.14 - 1.14.7-2ubuntu1.1
---
golang-1.14 (1.14.7-2ubuntu1.1) groovy-security; urgency=medium
* SECURITY UPDATE: XSS (LP: #1914372)
- debian/patches/CVE-2020-24553.patch: Add Content-Type detection in
net/http/cgi and net/http/fcgi.
This bug was fixed in the package golang-1.10 - 1.10.4-2ubuntu1~16.04.2
---
golang-1.10 (1.10.4-2ubuntu1~16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: XSS (LP: #1914372)
- debian/patches/CVE-2020-24553.patch: Add Content-Type detection in
net/http/cgi and
This bug was fixed in the package golang-1.10 - 1.10.4-2ubuntu1~18.04.2
---
golang-1.10 (1.10.4-2ubuntu1~18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: XSS (LP: #1914372)
- debian/patches/CVE-2020-24553.patch: Add Content-Type detection in
net/http/cgi and
** Description changed:
[Impact]
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html
is the default for CGI/FCGI handlers that lack a Content-Type header.
[Test Case]
Described as POC at https://www.redteam-pentesting.de/en/advisories/rt-
** No longer affects: golang-1.14 (Ubuntu Xenial)
** No longer affects: golang-1.14 (Ubuntu Bionic)
** No longer affects: golang-1.10 (Ubuntu)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24553
--
You received this bug notification because you are a member of नेपाली
भाषा
6 matches
Mail list logo
