Candidate: CVE-2019-9634
PublicDate: 2019-03-08 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9634
 https://github.com/golang/go/issues/30642
Description:
 Go through 1.12 on Windows misuses certain LoadLibrary functionality,
 leading to DLL injection.
Ubuntu-Description:
Notes:
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
 sbeattie> affects Go only on Windows
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_golang:
upstream_golang: needs-triage
precise/esm_golang: DNE
trusty_golang: ignored (reached end-of-life)
trusty/esm_golang: DNE (trusty was not-affected)
xenial_golang: DNE
bionic_golang: DNE
cosmic_golang: DNE
disco_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: not-affected (windows only)
precise/esm_golang-1.6: DNE
trusty_golang-1.6: ignored (reached end-of-life)
trusty/esm_golang-1.6: DNE (trusty was not-affected)
xenial_golang-1.6: not-affected (windows only)
esm-infra/xenial_golang-1.6: not-affected (windows only)
bionic_golang-1.6: DNE
cosmic_golang-1.6: DNE
disco_golang-1.6: DNE
devel_golang-1.6: DNE

Patches_golang-1.7:
upstream_golang-1.7: not-affected (windows only)
precise/esm_golang-1.7: DNE
trusty_golang-1.7: DNE
trusty/esm_golang-1.7: DNE
xenial_golang-1.7: DNE
bionic_golang-1.7: DNE
cosmic_golang-1.7: not-affected (windows only)
disco_golang-1.7: DNE
devel_golang-1.7: DNE

Patches_golang-1.8:
upstream_golang-1.8: not-affected (windows only)
precise/esm_golang-1.8: DNE
trusty_golang-1.8: DNE
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: DNE
bionic_golang-1.8: not-affected (windows only)
cosmic_golang-1.8: not-affected (windows only)
disco_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.9:
upstream_golang-1.9: not-affected (windows only)
precise/esm_golang-1.9: DNE
trusty_golang-1.9: DNE
trusty/esm_golang-1.9: DNE
xenial_golang-1.9: DNE
bionic_golang-1.9: not-affected (windows only)
cosmic_golang-1.9: not-affected (windows only)
disco_golang-1.9: DNE
devel_golang-1.9: DNE

Patches_golang-1.10:
upstream_golang-1.10: not-affected (debian: Only affects Go on Windows)
precise/esm_golang-1.10: DNE
trusty_golang-1.10: ignored (out of standard support)
trusty/esm_golang-1.10: not-affected
xenial_golang-1.10: not-affected (windows only)
bionic_golang-1.10: not-affected (windows only)
cosmic_golang-1.10: not-affected (windows only)
disco_golang-1.10: not-affected (windows only)
devel_golang-1.10: DNE

Patches_golang-1.11:
upstream_golang-1.11: not-affected (debian: Only affects Go on Windows)
precise/esm_golang-1.11: DNE
trusty_golang-1.11: DNE
trusty/esm_golang-1.11: DNE
xenial_golang-1.11: DNE
bionic_golang-1.11: DNE
cosmic_golang-1.11: DNE
disco_golang-1.11: not-affected (windows only)
devel_golang-1.11: not-affected (windows only)

Patches_golang-1.12:
upstream_golang-1.12: not-affected (debian: Only affects Go on Windows)
precise/esm_golang-1.12: DNE
trusty_golang-1.12: DNE
trusty/esm_golang-1.12: DNE
xenial_golang-1.12: DNE
bionic_golang-1.12: DNE
cosmic_golang-1.12: DNE
disco_golang-1.12: not-affected (windows only)
devel_golang-1.12: not-affected (windows only)