This bug was fixed in the package golang-1.14 - 1.14.7-2ubuntu2
---------------
golang-1.14 (1.14.7-2ubuntu2) hirsute; urgency=medium
* SECURITY UPDATE: XSS (LP: #1914372)
- debian/patches/CVE-2020-24553.patch: Add Content-Type detection in
net/http/cgi and net/http/fcgi.
- CVE-2020-24553
-- Dariusz Gadomski <[email protected]> Wed, 03 Feb 2021 09:44:21
+0100
** Changed in: golang-1.14 (Ubuntu Hirsute)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1914372
Title:
Ubuntu packages affected by CVE-2020-24553
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
