Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: go1.14,go1.15,go1.16: crypto/tls, enforce ALPN overlap when negotiated on both sides | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Gianluca Gabrielli <gianluca.gabrielli> |
| Component: | Incidents | Assignee: | Jeff Kowalczyk <jkowalczyk> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P2 - High | CC: | abergmann, andreas.taschner, meissner |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/302857 | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2021-3618:7.4:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 1187678 | | |
Description
Gianluca Gabrielli
2021-06-24 11:06:23 UTC
Affected packages:
- SUSE:SLE-15:Update/go1.14 1.14.15
- SUSE:SLE-15:Update/go1.15 1.15.12
- SUSE:SLE-15:Update/go1.16 1.16.4
- openSUSE:Factory/go1.14 1.14.15
- openSUSE:Factory/go1.15 1.15.13
- openSUSE:Factory/go1.16 1.16.5

This should have gotten fixed with version bump 1.6.17. Could you confirm and in case add the BZ id to the changes file?

So far the fix from comment 1 is only present inside go1.17.

$ git tag --contains 90d6bbbe42c15d444c1da0a1c293192d6f735a8e
go1.17
go1.17.1
go1.17.2
go1.17.3
go1.17beta1
go1.17rc1
go1.17rc2

Hi Jeff, can you please submit the patch?

We now only support golang packages that already contain the fix. This bug can be closed.