[Buildroot] [PATCH-2019.02] package/go: security bump to version 1.11.6
peter at korsgaard.com
Fri Apr 5 19:56:38 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerability:
> CVE-2019-9741: An issue was discovered in net/http in Go 1.11.5. CRLF
> injection is possible if the attacker controls a url parameter, as
> demonstrated by the second argument to http.NewRequest with \r\n followed by
> an HTTP header or a Redis command.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot