| sdeziel | https://ubuntu.com/security/CVE-2023-39325 doesn't mention golang-1.18 but the Debian page (https://security-tracker.debian.org/tracker/CVE-2023-39325) seem to imply that old versions are affected too | 20:25 |
|---|---|---|
| -ubottu:#ubuntu-security- A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix appl... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325> | 20:25 | |
| mdeslaur | sdeziel: thanks, I'll update it with all our versions | 20:39 |
| sdeziel | mdeslaur: many thanks! | 20:39 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!