| Release | Version |
|---|---|
| stretch | 1:0.0+git20161013.8b4af36+dfsg-3 |
| stretch (security) | 1:0.0+git20161013.8b4af36+dfsg-3+deb9u1 |
| buster | 1:0.0+git20181201.351d144+dfsg-3 |
| Bug | stretch | buster | Description |
|---|---|---|---|
| CVE-2021-44716 | vulnerable (no DSA, postponed) | vulnerable | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ... |
| CVE-2021-33194 | vulnerable (no DSA) | vulnerable | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ... |
| CVE-2021-31525 | vulnerable (no DSA) | vulnerable | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ... |
| CVE-2019-9514 | fixed | vulnerable | Some HTTP/2 implementations are vulnerable to a reset flood, potential ... |
| CVE-2019-9512 | fixed | vulnerable | Some HTTP/2 implementations are vulnerable to ping floods, potentially ... |
| Bug | Description |
|---|---|
| CVE-2018-17848 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... |
| CVE-2018-17847 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... |
| CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... |
| CVE-2018-17143 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles ... |
| CVE-2018-17142 | The html package (aka x/net/html) through 2018-09-17 in Go mishandles ... |
| CVE-2018-17075 | The html package (aka x/net/html) before 2018-07-13 in Go mishandles " ... |
| DSA / DLA | Description |
|---|---|
| DLA-2485-1 | golang-golang-x-net-dev - security update |