Bug 1741522

Summary: [security] Go 1.12.8 and Go 1.11.13 are released
Product: [Fedora] Fedora EPEL Reporter: Patrick Laimbock <patrick>
Component: golangAssignee: Adam Miller <admiller>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: admiller, amurdaca, deparker, dwd, jcajka, lemenkov, renich, vbatts
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-26 05:33:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Patrick Laimbock 2019-08-15 11:27:41 UTC 
Description of problem:
[security] Go 1.12.8 and Go 1.11.13 are released

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606
CVE-2019-14809 and Go issue golang.org/issue/29098

See https://groups.google.com/forum/#!topic/golang-nuts/fCQWxqxP8aA
Thanks!
Comment 1 Dave Dykstra 2019-08-19 21:51:47 UTC 
It's definitely time to update to at least 1.11.13, and perhaps 1.12.8. Adam Miller are you going to be able to get to this?
Comment 2 Jakub Čajka 2019-08-26 05:33:58 UTC 
Duplicate of BZ#1743130, BZ#1741815 and BZ#1741826 security tracking bugs.

*** This bug has been marked as a duplicate of bug 1741815 ***
Comment 3 Red Hat Bugzilla 2023-09-14 05:41:41 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days