Description: "Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected. Thanks to Mikael Manukyan, Andrew Kutz, Dave McClure, Tim Downey, Clay Kauzlaric, and Gabe Rosenhouse for reporting this issue. This issue is CVE-2020-15586 and Go issue golang.org/issue/34902." Advisory: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/golang-announce/XZNfaiwgt2w/E6gHDs32AQAJ Bug: https://golang.org/issue/34902
Please bump to 1.13.13 and 1.14.5.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7da07357a302bb0788227bdc731f3f9c37c8210 commit c7da07357a302bb0788227bdc731f3f9c37c8210 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2020-07-16 17:51:20 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2020-07-16 17:52:28 +0000 dev-lang/go: 1.14.5 security bump Bug: https://bugs.gentoo.org/732578 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 + dev-lang/go/go-1.14.5.ebuild | 188 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 189 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=877762541cc1f69c72706628a57c7dc067fabd03 commit 877762541cc1f69c72706628a57c7dc067fabd03 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2020-07-16 17:44:25 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2020-07-16 17:52:27 +0000 dev-lang/go: 1.13.13 security bump Bug: https://bugs.gentoo.org/732578 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 + dev-lang/go/go-1.13.13.ebuild | 197 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 198 insertions(+)
arm, arm64 and ppc64: Please stabilize. I have stabilized amd64 and x86. Thanks, William
arm64 stable
ppc64 stable
arm stable ---- Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e442aee5d9239660855cd11ba4bb87631978f5e commit 8e442aee5d9239660855cd11ba4bb87631978f5e Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2020-07-17 14:22:49 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2020-07-17 14:22:49 +0000 dev-lang/go: security cleanup Bug: https://bugs.gentoo.org/732578 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 4 - dev-lang/go/go-1.13.10.ebuild | 197 ------------------------------------------ dev-lang/go/go-1.13.12.ebuild | 197 ------------------------------------------ dev-lang/go/go-1.14.2.ebuild | 188 ---------------------------------------- dev-lang/go/go-1.14.4.ebuild | 188 ---------------------------------------- 5 files changed, 774 deletions(-)
GLSA vote: no! Closing.
