2 security issues in bullseye
There are 2 open security issues in bullseye.
Please fix them.
2 important issues:
- CVE-2020-15586: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
- CVE-2020-16845: Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
- Migration status for golang-1.14 (1.14.4-2 to 1.14.7-2): Waiting for test results, another package or too young (no action required now - check later)
- Issues preventing migration:
- Too young, only 1 of 5 days old
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/g/golang-1.14.html
- Not considered