Candidate: CVE-2020-7919
PublicDate: 2020-03-16 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
Description:
 Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte
 package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on
 clients (resulting in a panic) via a malformed X.509 certificate.
Ubuntu-Description:
Notes:
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
Mitigation:
Bugs:
 https://github.com/golang/go/issues/36837
 https://github.com/golang/go/issues/36838 (Go 1.13)
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang:
upstream_golang: needs-triage
precise/esm_golang: DNE
trusty_golang: ignored (out of standard support)
trusty/esm_golang: DNE
xenial_golang: DNE
bionic_golang: DNE
disco_golang: DNE
eoan_golang: DNE
focal_golang: DNE
groovy_golang: DNE
hirsute_golang: DNE
impish_golang: DNE
jammy_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: needs-triage
precise/esm_golang-1.6: DNE
trusty_golang-1.6: ignored (out of standard support)
trusty/esm_golang-1.6: DNE
xenial_golang-1.6: not-affected (code not present)
esm-infra/xenial_golang-1.6: not-affected (code not present)
bionic_golang-1.6: DNE
disco_golang-1.6: DNE
eoan_golang-1.6: DNE
focal_golang-1.6: DNE
groovy_golang-1.6: DNE
hirsute_golang-1.6: DNE
impish_golang-1.6: DNE
jammy_golang-1.6: DNE
devel_golang-1.6: DNE

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
precise/esm_golang-1.8: DNE
trusty_golang-1.8: DNE
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: DNE
bionic_golang-1.8: not-affected (code not present)
disco_golang-1.8: DNE
eoan_golang-1.8: DNE
focal_golang-1.8: DNE
groovy_golang-1.8: DNE
hirsute_golang-1.8: DNE
impish_golang-1.8: DNE
jammy_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.9:
upstream_golang-1.9: needs-triage
precise/esm_golang-1.9: DNE
trusty_golang-1.9: DNE
trusty/esm_golang-1.9: DNE
xenial_golang-1.9: DNE
bionic_golang-1.9: not-affected (code not present)
disco_golang-1.9: DNE
eoan_golang-1.9: DNE
focal_golang-1.9: DNE
groovy_golang-1.9: DNE
hirsute_golang-1.9: DNE
impish_golang-1.9: DNE
jammy_golang-1.9: DNE
devel_golang-1.9: DNE

Patches_golang-1.10:
upstream_golang-1.10: needs-triage
precise/esm_golang-1.10: DNE
trusty_golang-1.10: ignored (out of standard support)
trusty/esm_golang-1.10: needs-triage
xenial_golang-1.10: ignored (end of standard support, was needed)
esm-infra/xenial_golang-1.10: needs-triage
bionic_golang-1.10: needed
disco_golang-1.10: ignored (reached end-of-life)
eoan_golang-1.10: DNE
focal_golang-1.10: DNE
groovy_golang-1.10: DNE
hirsute_golang-1.10: DNE
impish_golang-1.10: DNE
jammy_golang-1.10: DNE
devel_golang-1.10: DNE

Patches_golang-1.11:
upstream_golang-1.11: needs-triage
precise/esm_golang-1.11: DNE
trusty_golang-1.11: ignored (out of standard support)
trusty/esm_golang-1.11: DNE
xenial_golang-1.11: DNE
bionic_golang-1.11: DNE
eoan_golang-1.11: DNE
focal_golang-1.11: DNE
groovy_golang-1.11: DNE
hirsute_golang-1.11: DNE
impish_golang-1.11: DNE
jammy_golang-1.11: DNE
devel_golang-1.11: DNE

Patches_golang-1.12:
upstream_golang-1.12: needs-triage
precise/esm_golang-1.12: DNE
trusty_golang-1.12: DNE
trusty/esm_golang-1.12: DNE
xenial_golang-1.12: DNE
bionic_golang-1.12: DNE
disco_golang-1.12: ignored (reached end-of-life)
eoan_golang-1.12: ignored (reached end-of-life)
focal_golang-1.12: DNE
groovy_golang-1.12: DNE
hirsute_golang-1.12: DNE
impish_golang-1.12: DNE
jammy_golang-1.12: DNE
devel_golang-1.12: DNE

Patches_golang-1.13:
 upstream: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
upstream_golang-1.13: released (1.13.7-1)
precise/esm_golang-1.13: DNE
trusty_golang-1.13: ignored (out of standard support)
trusty/esm_golang-1.13: DNE
xenial_golang-1.13: ignored (end of standard support, was needed)
bionic_golang-1.13: needed
eoan_golang-1.13: ignored (reached end-of-life)
focal_golang-1.13: not-affected (1.13.7-1ubuntu1)
groovy_golang-1.13: not-affected (1.13.7-1ubuntu1)
hirsute_golang-1.13: not-affected (1.13.7-1ubuntu1)
impish_golang-1.13: not-affected (1.13.7-1ubuntu1)
jammy_golang-1.13: not-affected (1.13.7-1ubuntu1)
devel_golang-1.13: not-affected (1.13.7-1ubuntu1)

Patches_golang-1.14:
 upstream: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
upstream_golang-1.14: needs-triage
precise/esm_golang-1.14: DNE
trusty_golang-1.14: ignored (out of standard support)
trusty/esm_golang-1.14: DNE
xenial_golang-1.14: DNE
bionic_golang-1.14: DNE
eoan_golang-1.14: DNE
focal_golang-1.14: released (1.14~rc1-1)
groovy_golang-1.14: released (1.14~rc1-1)
hirsute_golang-1.14: released (1.14~rc1-1)
impish_golang-1.14: DNE
jammy_golang-1.14: DNE
devel_golang-1.14: DNE