[Buildroot] [PATCH] package/go: security bump to version 1.16.4
Peter Korsgaard
peter at korsgaard.com
Sat May 8 08:59:00 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
> unrecoverable panic when reading a very large header (over 7MB on 64-bit
> architectures, or over 4MB on 32-bit ones). Transport and Client are
> vulnerable and the program can be made to crash by a malicious server.
> Server is not vulnerable by default, but can be if the default max header
> of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
> in which case the program can be made to crash by a malicious client.
> https://github.com/golang/go/issues/45710
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
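
An added example (not part of the original message or of the Buildroot or Go sources): a small audit that reports whether a `net/http` Server or Transport is configured to accept headers as large as the sizes named in the commit message. The 10MB Transport default is net/http's built-in value when `MaxResponseHeaderBytes` is zero; the function names and the four sample configurations are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
)

// serverHeaderLimit returns the request-header limit a Server enforces.
// A zero or negative MaxHeaderBytes means the 1MB default.
func serverHeaderLimit(s *http.Server) int64 {
	if s.MaxHeaderBytes > 0 {
		return int64(s.MaxHeaderBytes)
	}
	return http.DefaultMaxHeaderBytes
}

// transportHeaderLimit returns the response-header limit a Transport enforces.
// A zero MaxResponseHeaderBytes means net/http's built-in 10MB default.
func transportHeaderLimit(t *http.Transport) int64 {
	if t.MaxResponseHeaderBytes != 0 {
		return t.MaxResponseHeaderBytes
	}
	return 10 << 20
}

// exposed reports whether a limit admits headers of the size the commit
// message names for the given word size (32 or 64). It is conservative:
// a limit equal to the threshold is flagged too.
func exposed(limit int64, wordBits int) bool {
	threshold := int64(7 << 20) // "over 7MB on 64-bit architectures"
	if wordBits == 32 {
		threshold = 4 << 20 // "or over 4MB on 32-bit ones"
	}
	return limit >= threshold
}

// Constructed sample configurations (not taken from the page).
var (
	defaultServer    = &http.Server{}
	raisedServer     = &http.Server{MaxHeaderBytes: 8 << 20}
	defaultTransport = &http.Transport{}
	cappedTransport  = &http.Transport{MaxResponseHeaderBytes: 1 << 20}
)

func main() {
	bits := strconv.IntSize // word size of this build
	fmt.Println("raised server exposed:", exposed(serverHeaderLimit(raisedServer), bits))
	fmt.Println("default transport exposed:", exposed(transportHeaderLimit(defaultTransport), bits))
}
```
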