File _patchinfo of Package patchinfo.12318
<patchinfo incident="12318">
<issue tracker="bnc" id="1146111"></issue>
<issue tracker="bnc" id="1146115"></issue>
<issue tracker="bnc" id="1141688">go1.11 release tracking</issue>
<issue tracker="bnc" id="1146123"></issue>
<issue tracker="cve" id="2019-9514"/>
<issue tracker="cve" id="2019-9512"/>
<issue tracker="cve" id="2019-14809"/>
<category>security</category>
<rating>moderate</rating>
<packager>jfkw</packager>
<description>This update for go1.11 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.11.13 (bsc#1141688).
</description>
<summary>Security update for go1.11</summary>
</patchinfo>