FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- multiple vulnerabilities

Affected packages
go < 1.4.3,1
go14 < 1.4.3

Details

VuXML ID 4464212e-4acd-11e5-934b-002590263bf5
Discovery 2015-07-29
Entry 2015-08-25

Jason Buberel, Go Product Manager, reports:

CVE-2015-5739 - "Content Length" treated as valid header

CVE-2015-5740 - Double content-length headers does not return 400 error

CVE-2015-5741 - Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections

References

CVE Name CVE-2015-5739
CVE Name CVE-2015-5740
CVE Name CVE-2015-5741
URL http://seclists.org/oss-sec/2015/q3/237
URL https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
URL https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
URL https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f