The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
Created golang-googlecode-net tracking bugs for this issue:
Affects: epel-6 [bug 1639122]
Affects: fedora-all [bug 1639121]
Created heketi tracking bugs for this issue:
Affects: epel-6 [bug 1639120]
Affects: fedora-all [bug 1639119]
Created kompose tracking bugs for this issue:
Affects: fedora-all [bug 1639118]
Created origin tracking bugs for this issue:
Affects: fedora-all [bug 1639117]
No upstream fix found yet, but this is not reproducible on RHEL7. My guess is this is similar to the other template related flaws.
See https://bugzilla.redhat.com/show_bug.cgi?id=1633022 as an example.
Not affected / not reproducible on our released version.
OpenStack OpTools 8 and 9 grafana versions do not include net/html, which has the flawed code, setting these to NotAffected.
Kompose was in DevTools as part of devsuite. Devsuite is now retired (https://developers.redhat.com/products/devsuite/overview/)