Description: "A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition." ---- Please bump to 1.16.7 and 1.15.15.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=687e101e3cec3dcb5b5c6fc06a54a886bc7abb5b commit 687e101e3cec3dcb5b5c6fc06a54a886bc7abb5b Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-08-09 23:04:21 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-08-09 23:04:27 +0000 dev-lang/go: stable 1.15.15 and 1.16.7 on amd64 Bug: https://bugs.gentoo.org/806659 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/go-1.15.15.ebuild | 2 +- dev-lang/go/go-1.16.7.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6775114ea7a66b9503c26032d83f07b2718fb218 commit 6775114ea7a66b9503c26032d83f07b2718fb218 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-08-09 23:01:38 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-08-09 23:02:20 +0000 dev-lang/go: 1.15.15 and 1.16.7 security bump Bug: https://bugs.gentoo.org/806659 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 2 + dev-lang/go/go-1.15.15.ebuild | 189 ++++++++++++++++++++++++++++++++++++++++ dev-lang/go/go-1.16.7.ebuild | 194 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 385 insertions(+)
ppc64 stable
x86 stable
Unable to check for sanity: > no match for package: dev-lang/go-1.15.15
I guess we can drop 1.15.x. commit 8cccf5501d043102afb2036c7451337137e1be9a Author: William Hubbs <williamh@gentoo.org> Date: Fri Aug 20 13:57:42 2021 -0500 dev-lang/go: remove unsupported go 1.15.x Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: William Hubbs <williamh@gentoo.org>
All sanity-check issues have been resolved
arm done
arm64 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=162e233bb6af458f015d183b78b14a0d22910577 commit 162e233bb6af458f015d183b78b14a0d22910577 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-08-23 05:34:46 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-08-23 05:35:06 +0000 dev-lang/go: remove 1.16.6 Bug: https://bugs.gentoo.org/806659 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: William Hubbs <williamh@gentoo.org> dev-lang/go/Manifest | 1 - dev-lang/go/go-1.16.6.ebuild | 194 ------------------------------------------- 2 files changed, 195 deletions(-)
Unable to check for sanity: > no match for package: dev-lang/go-1.16.7
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3cb3a96a3023359a20f60ec1f45f10c1fc4012ca commit 3cb3a96a3023359a20f60ec1f45f10c1fc4012ca Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-04 13:53:02 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-04 13:59:34 +0000 [ GLSA 202208-02 ] Go: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/754210 Bug: https://bugs.gentoo.org/766216 Bug: https://bugs.gentoo.org/775326 Bug: https://bugs.gentoo.org/788640 Bug: https://bugs.gentoo.org/794784 Bug: https://bugs.gentoo.org/802054 Bug: https://bugs.gentoo.org/806659 Bug: https://bugs.gentoo.org/807049 Bug: https://bugs.gentoo.org/816912 Bug: https://bugs.gentoo.org/821859 Bug: https://bugs.gentoo.org/828655 Bug: https://bugs.gentoo.org/833156 Bug: https://bugs.gentoo.org/834635 Bug: https://bugs.gentoo.org/838130 Bug: https://bugs.gentoo.org/843644 Bug: https://bugs.gentoo.org/849290 Bug: https://bugs.gentoo.org/857822 Bug: https://bugs.gentoo.org/862822 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-02.xml | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+)
GLSA released, all done!