Candidate: CVE-2019-9741
PublicDate: 2019-03-13 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741
Description:
 An issue was discovered in net/http in Go 1.11.5. CRLF injection is
 possible if the attacker controls a url parameter, as demonstrated by the
 second argument to http.NewRequest with \r\n followed by an HTTP header or
 a Redis command.
Ubuntu-Description:
Notes:
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
Bugs:
 https://github.com/golang/go/issues/30794
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924630
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_golang:
upstream_golang: needs-triage
precise/esm_golang: DNE
trusty_golang: ignored (reached end-of-life)
trusty/esm_golang: DNE (trusty was needs-triage)
xenial_golang: DNE
bionic_golang: DNE
cosmic_golang: DNE
disco_golang: DNE
eoan_golang: DNE
focal_golang: DNE
groovy_golang: DNE
hirsute_golang: DNE
impish_golang: DNE
jammy_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: needs-triage
precise/esm_golang-1.6: DNE
trusty_golang-1.6: ignored (reached end-of-life)
trusty/esm_golang-1.6: DNE (trusty was needs-triage)
xenial_golang-1.6: ignored (end of standard support, was needs-triage)
esm-infra/xenial_golang-1.6: needs-triage
bionic_golang-1.6: DNE
cosmic_golang-1.6: DNE
disco_golang-1.6: DNE
eoan_golang-1.6: DNE
focal_golang-1.6: DNE
groovy_golang-1.6: DNE
hirsute_golang-1.6: DNE
impish_golang-1.6: DNE
jammy_golang-1.6: DNE
devel_golang-1.6: DNE

Patches_golang-1.7:
upstream_golang-1.7: needs-triage
precise/esm_golang-1.7: DNE
trusty_golang-1.7: DNE
trusty/esm_golang-1.7: DNE
xenial_golang-1.7: DNE
bionic_golang-1.7: DNE
cosmic_golang-1.7: ignored (reached end-of-life)
disco_golang-1.7: DNE
eoan_golang-1.7: DNE
focal_golang-1.7: DNE
groovy_golang-1.7: DNE
hirsute_golang-1.7: DNE
impish_golang-1.7: DNE
jammy_golang-1.7: DNE
devel_golang-1.7: DNE

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
precise/esm_golang-1.8: DNE
trusty_golang-1.8: DNE
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: DNE
bionic_golang-1.8: needed
cosmic_golang-1.8: ignored (reached end-of-life)
disco_golang-1.8: DNE
eoan_golang-1.8: DNE
focal_golang-1.8: DNE
groovy_golang-1.8: DNE
hirsute_golang-1.8: DNE
impish_golang-1.8: DNE
jammy_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.9:
upstream_golang-1.9: needs-triage
precise/esm_golang-1.9: DNE
trusty_golang-1.9: DNE
trusty/esm_golang-1.9: DNE
xenial_golang-1.9: DNE
bionic_golang-1.9: needed
cosmic_golang-1.9: ignored (reached end-of-life)
disco_golang-1.9: DNE
eoan_golang-1.9: DNE
focal_golang-1.9: DNE
groovy_golang-1.9: DNE
hirsute_golang-1.9: DNE
impish_golang-1.9: DNE
jammy_golang-1.9: DNE
devel_golang-1.9: DNE

Patches_golang-1.10:
upstream_golang-1.10: needs-triage
precise/esm_golang-1.10: DNE
trusty_golang-1.10: ignored (out of standard support)
trusty/esm_golang-1.10: needs-triage
xenial_golang-1.10: ignored (end of standard support, was needed)
esm-infra/xenial_golang-1.10: needs-triage
bionic_golang-1.10: needed
cosmic_golang-1.10: ignored (reached end-of-life)
disco_golang-1.10: ignored (reached end-of-life)
eoan_golang-1.10: DNE
focal_golang-1.10: DNE
groovy_golang-1.10: DNE
hirsute_golang-1.10: DNE
impish_golang-1.10: DNE
jammy_golang-1.10: DNE
devel_golang-1.10: DNE

Patches_golang-1.11:
upstream_golang-1.11: released (1.11.6)
precise/esm_golang-1.11: DNE
trusty_golang-1.11: DNE
trusty/esm_golang-1.11: DNE
xenial_golang-1.11: DNE
bionic_golang-1.11: DNE
cosmic_golang-1.11: DNE
disco_golang-1.11: ignored (reached end-of-life)
eoan_golang-1.11: DNE
focal_golang-1.11: DNE
groovy_golang-1.11: DNE
hirsute_golang-1.11: DNE
impish_golang-1.11: DNE
jammy_golang-1.11: DNE
devel_golang-1.11: DNE

Patches_golang-1.12:
 upstream: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca
 upstream: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708
upstream_golang-1.12: needs-triage
precise/esm_golang-1.12: DNE
trusty_golang-1.12: DNE
trusty/esm_golang-1.12: DNE
xenial_golang-1.12: DNE
bionic_golang-1.12: DNE
cosmic_golang-1.12: DNE
disco_golang-1.12: not-affected (1.12-1ubuntu1)
eoan_golang-1.12: not-affected (1.12.5-1ubuntu1)
focal_golang-1.12: DNE
groovy_golang-1.12: DNE
hirsute_golang-1.12: DNE
impish_golang-1.12: DNE
jammy_golang-1.12: DNE
devel_golang-1.12: DNE