File _patchinfo of Package patchinfo.12320
<patchinfo incident="12320">
<issue tracker="bnc" id="1146111"></issue>
<issue tracker="bnc" id="1146115"></issue>
<issue tracker="bnc" id="1139210">go1.12 - doesn't install /usr/lib64/go/1.12/misc/wasm/wasm_exec.js and others</issue>
<issue tracker="bnc" id="1141689">go1.12 release tracking</issue>
<issue tracker="bnc" id="1146123"></issue>
<issue tracker="cve" id="2019-9514"/>
<issue tracker="cve" id="2019-14809"/>
<issue tracker="cve" id="2019-9512"/>
<category>security</category>
<rating>moderate</rating>
<packager>jfkw</packager>
<description>This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).
</description>
<summary>Security update for go1.12</summary>
</patchinfo>