Candidate: CVE-2015-5741
PublicDate: 2020-02-08 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5741
 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
Description:
 The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Ubuntu-Description:
Notes:
 sbeattie> fixed in golang 1.5beta1
 sbeattie> library code is included in gccgo
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_golang:
 upstream: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
upstream_golang: released (1.5beta1)
precise_golang: ignored (reached end-of-life)
precise/esm_golang: DNE (precise was needs-triage)
trusty_golang: ignored (reached end-of-life)
trusty/esm_golang: DNE (trusty was needed)
vivid_golang: ignored (reached end-of-life)
vivid/stable-phone-overlay_golang: ignored (reached end-of-life)
vivid/ubuntu-core_golang: ignored (reached end-of-life)
wily_golang: not-affected (2:1.5.1-0ubuntu2)
xenial_golang: DNE
yakkety_golang: DNE
zesty_golang: DNE
artful_golang: DNE
bionic_golang: DNE
cosmic_golang: DNE
disco_golang: DNE
eoan_golang: DNE
focal_golang: DNE
groovy_golang: DNE
hirsute_golang: DNE
impish_golang: DNE
jammy_golang: DNE
devel_golang: DNE

Patches_gccgo-5:
upstream_gccgo-5: needs-triage
precise_gccgo-5: DNE
precise/esm_gccgo-5: DNE
trusty_gccgo-5: DNE
trusty/esm_gccgo-5: DNE
vivid_gccgo-5: ignored (reached end-of-life)
vivid/stable-phone-overlay_gccgo-5: ignored (reached end-of-life)
vivid/ubuntu-core_gccgo-5: ignored (reached end-of-life)
wily_gccgo-5: DNE
xenial_gccgo-5: DNE
yakkety_gccgo-5: DNE
zesty_gccgo-5: DNE
artful_gccgo-5: DNE
bionic_gccgo-5: DNE
cosmic_gccgo-5: DNE
disco_gccgo-5: DNE
eoan_gccgo-5: DNE
focal_gccgo-5: DNE
groovy_gccgo-5: DNE
hirsute_gccgo-5: DNE
impish_gccgo-5: DNE
jammy_gccgo-5: DNE
devel_gccgo-5: DNE

Patches_gccgo-4.9:
upstream_gccgo-4.9: needs-triage
precise_gccgo-4.9: DNE
precise/esm_gccgo-4.9: DNE
trusty_gccgo-4.9: ignored (reached end-of-life)
trusty/esm_gccgo-4.9: needs-triage
vivid_gccgo-4.9: DNE
vivid/stable-phone-overlay_gccgo-4.9: DNE
vivid/ubuntu-core_gccgo-4.9: DNE
wily_gccgo-4.9: DNE
xenial_gccgo-4.9: DNE
yakkety_gccgo-4.9: DNE
zesty_gccgo-4.9: DNE
artful_gccgo-4.9: DNE
bionic_gccgo-4.9: DNE
cosmic_gccgo-4.9: DNE
disco_gccgo-4.9: DNE
eoan_gccgo-4.9: DNE
focal_gccgo-4.9: DNE
groovy_gccgo-4.9: DNE
hirsute_gccgo-4.9: DNE
impish_gccgo-4.9: DNE
jammy_gccgo-4.9: DNE
devel_gccgo-4.9: DNE

Patches_gccgo-4.8:
upstream_gccgo-4.8: needs-triage
precise_gccgo-4.8: DNE
precise/esm_gccgo-4.8: DNE
trusty_gccgo-4.8: DNE
trusty/esm_gccgo-4.8: DNE
vivid_gccgo-4.8: DNE
vivid/stable-phone-overlay_gccgo-4.8: DNE
vivid/ubuntu-core_gccgo-4.8: DNE
wily_gccgo-4.8: DNE
xenial_gccgo-4.8: DNE
yakkety_gccgo-4.8: DNE
zesty_gccgo-4.8: DNE
artful_gccgo-4.8: DNE
bionic_gccgo-4.8: DNE
cosmic_gccgo-4.8: DNE
disco_gccgo-4.8: DNE
eoan_gccgo-4.8: DNE
focal_gccgo-4.8: DNE
groovy_gccgo-4.8: DNE
hirsute_gccgo-4.8: DNE
impish_gccgo-4.8: DNE
jammy_gccgo-4.8: DNE
devel_gccgo-4.8: DNE

Patches_gccgo-4.7:
upstream_gccgo-4.7: needs-triage
precise_gccgo-4.7: ignored (reached end-of-life)
precise/esm_gccgo-4.7: DNE (precise was needs-triage)
trusty_gccgo-4.7: DNE
trusty/esm_gccgo-4.7: DNE
vivid_gccgo-4.7: DNE
vivid/stable-phone-overlay_gccgo-4.7: DNE
vivid/ubuntu-core_gccgo-4.7: DNE
wily_gccgo-4.7: DNE
xenial_gccgo-4.7: DNE
yakkety_gccgo-4.7: DNE
zesty_gccgo-4.7: DNE
artful_gccgo-4.7: DNE
bionic_gccgo-4.7: DNE
cosmic_gccgo-4.7: DNE
disco_gccgo-4.7: DNE
eoan_gccgo-4.7: DNE
focal_gccgo-4.7: DNE
groovy_gccgo-4.7: DNE
hirsute_gccgo-4.7: DNE
impish_gccgo-4.7: DNE
jammy_gccgo-4.7: DNE
devel_gccgo-4.7: DNE

Patches_gcc-5:
upstream_gcc-5: needs-triage
precise_gcc-5: DNE
precise/esm_gcc-5: DNE
trusty_gcc-5: DNE
trusty/esm_gcc-5: DNE
vivid_gcc-5: DNE
vivid/stable-phone-overlay_gcc-5: DNE
vivid/ubuntu-core_gcc-5: DNE
wily_gcc-5: ignored (reached end-of-life)
xenial_gcc-5: ignored (end of standard support, was needs-triage)
esm-infra/xenial_gcc-5: needs-triage
yakkety_gcc-5: ignored (reached end-of-life)
zesty_gcc-5: ignored (reached end-of-life)
artful_gcc-5: ignored (reached end-of-life)
bionic_gcc-5: needs-triage
cosmic_gcc-5: ignored (reached end-of-life)
disco_gcc-5: DNE
eoan_gcc-5: DNE
focal_gcc-5: DNE
groovy_gcc-5: DNE
hirsute_gcc-5: DNE
impish_gcc-5: DNE
jammy_gcc-5: DNE
devel_gcc-5: DNE