This update for go fixes the following issues:

- CVE-2015-5739: "Content Length" treated as valid header
- CVE-2015-5740: Double content-length headers does not return 400 error
- CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections

Go was updated to 1.4.3 with the following additional changes:

- build: remove -Werror from cmd/dist
- runtime: panic when accessing an empty struct value appended to an uninitialized slice
- runtime: garbage collector found invalid heap pointer iterating over map