Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Jul 2015 21:16:52 +0200
From: Florian Weimer <fweimer@...hat.com>
To: jbuberel@...gle.com
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request - Go net/http library - HTTP smuggling

On 07/29/2015 05:15 PM, Jason Buberel wrote:
> Hello OSS Security Community,
> 
> The Go open source project has received notification of an HTTP request
> smuggling vulnerability in the net/http library (
> http://golang.org/pkg/net/http/). The vulnerability was identified in the
> 1.4.2 release version (http://golang.org/dl) and in the 1.5 release branch.

How does one report such things?

Due to lack of published security contact information, I contacted the
de-facto subsystem maintainer about the issue, but I have been ignored.

(It would be nice to be able to bundle such security updates as far as
possible, to avoid recompiling everything constantly.)

-- 
Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ