FreeBSD Bugzilla – Attachment 160318 Details for
Bug 202633
lang/go {14}: security/vuxml: multiple vulnerabilties (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml entry for go
go_vuxml.diff (text/plain), 1.74 KB, created by
Jason Unovitch
on 2015-08-25 02:27:09 UTC
(
hide
)
Description:
security/vuxml entry for go
Filename:
MIME Type:
Creator:
Jason Unovitch
Created:
2015-08-25 02:27:09 UTC
Size:
1.74 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 395196) >+++ vuln.xml (working copy) >@@ -58,6 +58,45 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="4464212e-4acd-11e5-934b-002590263bf5"> >+ <topic>go -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>go</name> >+ <range><lt>1.4.3,1</lt></range> >+ </package> >+ <package> >+ <name>go14</name> >+ <range><lt>1.4.3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Jason Buberel, Go Product Manager, reports:</p> >+ <blockquote cite="http://seclists.org/oss-sec/2015/q3/237"> >+ <p>CVE-2015-5739 - "Content Length" treated as valid header</p> >+ <p>CVE-2015-5740 - Double content-length headers does not return 400 >+ error</p> >+ <p>CVE-2015-5741 - Additional hardening, not sending Content-Length >+ w/Transfer-Encoding, Closing connections</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-5739</cvename> >+ <cvename>CVE-2015-5740</cvename> >+ <cvename>CVE-2015-5741</cvename> >+ <url>https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9</url> >+ <url>https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e</url> >+ <url>https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f</url> >+ <url>http://seclists.org/oss-sec/2015/q3/237</url> >+ </references> >+ <dates> >+ <discovery>2015-07-29</discovery> >+ <entry>2015-08-25</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="6900e6f1-4a79-11e5-9ad8-14dae9d210b8"> > <topic>pcre -- heap overflow vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=160318">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202633
: 160318 |
161468
|
161469