| Release | Version |
|---|---|
| stretch | 1.8.1-1 |
| stretch (security) | 1.8.1-1+deb9u1 |
| Bug | stretch | Description |
|---|---|---|
| CVE-2019-9741 | vulnerable (no DSA, postponed) | An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ... |
| CVE-2017-8932 | vulnerable (no DSA, ignored) | A bug in the standard library ScalarMult implementation of curve P-256 ... |
| CVE-2017-15042 | vulnerable (no DSA, ignored) | An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ... |
| CVE-2017-15041 | vulnerable (no DSA, ignored) | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ... |
| Bug | Description |
|---|---|
| CVE-2019-6486 | Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 e ... |
| CVE-2018-7187 | The "go get" implementation in Go 1.9.4, when the -insecure command-li ... |
| CVE-2018-6574 | Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases befor ... |
| CVE-2017-1000098 | The net/http package's Request.ParseMultipartForm method starts writin ... |
| CVE-2017-1000097 | On Darwin, user's trust preferences for root certificates were not hon ... |
| DSA / DLA | Description |
|---|---|
| DSA-4380-1 | golang-1.8 - security update |