From ${URL} : An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. Reference: https://github.com/golang/go/issues/30794 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Arch teams, please stabilize dev-lang/go-1.12.1. I will handle amd64. Thanks, William
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09d8a22411e33d1ea7e44df9aa118994c92f2c39 commit 09d8a22411e33d1ea7e44df9aa118994c92f2c39 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2019-03-17 21:24:53 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2019-03-17 21:29:29 +0000 dev-lang/go: stable 1.12.1 on amd64 Bug: https://bugs.gentoo.org/680240 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/go-1.12.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable
(In reply to Mikle Kolyada from comment #3) > arm stable hmm no, this says a package list is empty
x86 stable
@maintainer, please drop vulnerable.
Maintainer(s), please drop the vulnerable version(s). Version: 1.11.5
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e983932e78749663d33aa91cfd0f95491552ab5 commit 4e983932e78749663d33aa91cfd0f95491552ab5 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2019-03-31 19:11:20 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2019-03-31 19:12:49 +0000 dev-lang/go: remove vulnerable version 1.11.5 Bug: https://bugs.gentoo.org/680240 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 - dev-lang/go/go-1.11.5.ebuild | 236 ------------------------------------------- 2 files changed, 237 deletions(-)
Arches and Maintainer(s), Thank you for your work.