Index: vuln.xml =================================================================== --- vuln.xml (revision 395196) +++ vuln.xml (working copy) @@ -58,6 +58,45 @@ --> + + go -- multiple vulnerabilities + + + go + 1.4.3,1 + + + go14 + 1.4.3 + + + + +

Jason Buberel, Go Product Manager, reports:

+
CVE-2015-5739 - "Content Length" treated as valid header
+
CVE-2015-5740 - Double content-length headers does not return 400 + error
+
CVE-2015-5741 - Additional hardening, not sending Content-Length + w/Transfer-Encoding, Closing connections
+

+ + + + CVE-2015-5739 + CVE-2015-5740 + CVE-2015-5741 + https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9 + https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e + https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f + http://seclists.org/oss-sec/2015/q3/237 + + + 2015-07-29 + 2015-08-25 + + + pcre -- heap overflow vulnerability