Date: Thu, 5 Aug 2021 23:11:31 GMT From: Dmitri Goutnik <dmgk@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 55557952f337 - main - security/vuxml: Document lang/go vulnerability Message-ID: <202108052311.175NBVXs021557@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by dmgk: URL: https://cgit.FreeBSD.org/ports/commit/?id=55557952f337a67676d2ff171bcf0610a5dc1e55 commit 55557952f337a67676d2ff171bcf0610a5dc1e55 Author: Dmitri Goutnik <dmgk@FreeBSD.org> AuthorDate: 2021-08-05 23:00:59 +0000 Commit: Dmitri Goutnik <dmgk@FreeBSD.org> CommitDate: 2021-08-05 23:00:59 +0000 security/vuxml: Document lang/go vulnerability --- security/vuxml/vuln-2021.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index f904040bbd0e..284a47041149 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,33 @@ + <vuln vid="880552c4-f63f-11eb-9d56-7186043316e9"> + <topic>go -- net/http: panic due to racy read of persistConn after handler panic</topic> + <affects> + <package> + <name>go</name> + <range><lt>1.16.7,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Go project reports:</p> + <blockquote cite="https://github.com/golang/go/issues/46866"> + <p>A net/http/httputil ReverseProxy can panic due to a race + condition if its Handler aborts with ErrAbortHandler, for + example due to an error in copying the response body. An + attacker might be able to force the conditions leading to + the race condition.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-36221</cvename> + <url>https://github.com/golang/go/issues/46866</url> + </references> + <dates> + <discovery>2021-06-21</discovery> + <entry>2021-08-05</entry> + </dates> + </vuln> + <vuln vid="1d651770-f4f5-11eb-ba49-001b217b3468"> <topic>Gitlab -- Gitlab</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108052311.175NBVXs021557>