Information on source package golang

Available versions

ReleaseVersion
jessie2:1.3.3-1
jessie (security)2:1.3.3-1+deb8u2

Open issues

BugjessieDescription
TEMP-0000000-1C4729vulnerable (no DSA)net/http: broken trailers don't close a server connection
CVE-2019-14809vulnerable (no DSA, ignored)net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...
CVE-2018-7187vulnerable (no DSA, ignored)The "go get" implementation in Go 1.9.4, when the -insecure command-li ...
CVE-2018-6574vulnerable (no DSA, ignored)Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases befor ...
CVE-2017-15042vulnerable (no DSA, ignored)An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...
CVE-2017-15041vulnerable (no DSA, ignored)Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...
CVE-2017-1000098vulnerable (no DSA, ignored)The net/http package's Request.ParseMultipartForm method starts writin ...
CVE-2016-3959vulnerable (no DSA)The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...
CVE-2015-5741vulnerable (no DSA)other discoveries of security-relevant RFC 7230 violations
CVE-2015-5740vulnerable (no DSA)The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...
CVE-2015-5739vulnerable (no DSA)The net/http library in net/textproto/reader.go in Go before 1.4.3 doe ...

Open unimportant issues

BugjessieDescription
CVE-2016-5386vulnerableThe net/http package in Go through 1.6 does not attempt to address RFC ...

Resolved issues

BugDescription
CVE-2019-9741An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...
CVE-2019-9514Some HTTP/2 implementations are vulnerable to a reset flood, potential ...
CVE-2019-9512Some HTTP/2 implementations are vulnerable to ping floods, potentially ...
CVE-2019-6486Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 e ...
CVE-2017-8932A bug in the standard library ScalarMult implementation of curve P-256 ...
CVE-2017-1000097On Darwin, user's trust preferences for root certificates were not hon ...
CVE-2016-3958Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x befor ...
CVE-2015-8618The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...
CVE-2014-7189crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enab ...

Security announcements

DSA / DLADescription
DLA-1749-1golang - security update
DLA-1664-1golang - security update
DLA-1294-1golang - security update
DLA-1148-1golang - security update
DLA-1123-1golang - security update

Search for package or bug name: Reporting problems