Now
MAIN commitmail json YAML
pkgsrc/lang/go/version.mk@1.182
/
diff
pkgsrc/lang/go119/PLIST@1.11 / diff
pkgsrc/lang/go119/distinfo@1.13 / diff
pkgsrc/lang/go119/PLIST@1.11 / diff
pkgsrc/lang/go119/distinfo@1.13 / diff
go119: update to 1.19.11 (security)
This minor release includes 1 security fix following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374
This minor release includes 1 security fix following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374