The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. Upstream Issue: https://github.com/golang/go/issues/27846
Created golang-googlecode-net tracking bugs for this issue: Affects: epel-6 [bug 1639122] Affects: fedora-all [bug 1639121] Created heketi tracking bugs for this issue: Affects: epel-6 [bug 1639120] Affects: fedora-all [bug 1639119] Created kompose tracking bugs for this issue: Affects: fedora-all [bug 1639118] Created origin tracking bugs for this issue: Affects: fedora-all [bug 1639117]
No upstream fix found yet, but this is not reproducible on RHEL7. My guess is this is similar to the other template related flaws. See https://bugzilla.redhat.com/show_bug.cgi?id=1633022 as an example. Not affected / not reproducible on our released version.
OpenStack OpTools 8 and 9 grafana versions do not include net/html, which has the flawed code, setting these to NotAffected.
Kompose was in DevTools as part of devsuite. Devsuite is now retired (https://developers.redhat.com/products/devsuite/overview/)
Upstream fix: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c