Subject: CVS commit: pkgsrc/lang
From: Benny Siegert
Date: 2023-07-15 12:35:14
Message id: 20230715103515.06CC3FBDB@cvs.NetBSD.org

Log Message:
go119: update to 1.19.11 (security)

This minor release includes 1 security fix following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374

Files:
RevisionActionfile
1.182modifypkgsrc/lang/go/version.mk
1.11modifypkgsrc/lang/go119/PLIST
1.13modifypkgsrc/lang/go119/distinfo