oss-sec mailing list archives
Re: CVE Request - Go net/http library - HTTP smuggling
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 29 Jul 2015 21:16:52 +0200
On 07/29/2015 05:15 PM, Jason Buberel wrote:
Hello OSS Security Community, The Go open source project has received notification of an HTTP request smuggling vulnerability in the net/http library ( http://golang.org/pkg/net/http/). The vulnerability was identified in the 1.4.2 release version (http://golang.org/dl) and in the 1.5 release branch.
How does one report such things? Due to lack of published security contact information, I contacted the de-facto subsystem maintainer about the issue, but I have been ignored. (It would be nice to be able to bundle such security updates as far as possible, to avoid recompiling everything constantly.) -- Florian Weimer / Red Hat Product Security
Current thread:
- CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Jul 29)
- Re: CVE Request - Go net/http library - HTTP smuggling Florian Weimer (Jul 29)
- Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Jul 29)
- Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 04)
- Re: CVE Request - Go net/http library - HTTP smuggling cve-assign (Aug 05)
- Re: Re: CVE Request - Go net/http library - HTTP smuggling Martin Prpic (Aug 06)
- Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 06)
- Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 10)
- Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 12)
- Re: Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Aug 12)
- Re: CVE Request - Go net/http library - HTTP smuggling Jason Buberel (Jul 29)
- Re: CVE Request - Go net/http library - HTTP smuggling Florian Weimer (Jul 29)