Summary: | [Tracker] golang.org/x/text: Denial of service via malicious string (CVE-2020-14040) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/golang/go/issues/39491 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-06-17 00:06:11 UTC
We need to see if any packages we carry bundle/vendor a vulnerable version of this package. We do not seem to have it directly in tree. Advisory URL: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/golang-announce/bXVeAmGOqz0/Y_caUbuWAwAJ Bug URL: https://github.com/golang/go/issues/39491 We can look at references on Github to that bug which should help us track some of these down. |