Google Git
Sign in
android-kvm / buildroot / 1cfc01a008294247255b7dbb0e3da42e5a1d327b
commit1cfc01a008294247255b7dbb0e3da42e5a1d327b[log] [tgz]
authorPeter Korsgaard <peter@korsgaard.com>Fri May 07 08:28:21 2021 +0200
committerPeter Korsgaard <peter@korsgaard.com>Sat May 08 10:58:40 2021 +0200
tree6822ce4e4297f0b671be83bbbaab2fc2ce0c478b
parentf02c0ee1b035ca3b035caa55e3452f56d76e5230 [diff]
package/go: security bump to version 1.16.4

Fixes the following security issues:

- CVE-2021-31525: ReadRequest and ReadResponse in net/http can hit an
  unrecoverable panic when reading a very large header (over 7MB on 64-bit
  architectures, or over 4MB on 32-bit ones).  Transport and Client are
  vulnerable and the program can be made to crash by a malicious server.
  Server is not vulnerable by default, but can be if the default max header
  of 1MB is overridden by setting Server.MaxHeaderBytes to a higher value,
  in which case the program can be made to crash by a malicious client.

  https://github.com/golang/go/issues/45710

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2 files changed
tree: 6822ce4e4297f0b671be83bbbaab2fc2ce0c478b
  1. arch/
  2. board/
  3. boot/
  4. configs/
  5. docs/
  6. fs/
  7. linux/
  8. package/
  9. support/
  10. system/
  11. toolchain/
  12. utils/
  13. .defconfig
  14. .flake8
  15. .gitignore
  16. .gitlab-ci.yml
  17. CHANGES
  18. Config.in
  19. Config.in.legacy
  20. COPYING
  21. DEVELOPERS
  22. Makefile
  23. Makefile.legacy
  24. README