Bug 1111158 - (CVE-2018-17848) VUL-1: CVE-2018-17848: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go
(CVE-2018-17848)
VUL-1: CVE-2018-17848: The html package (aka x/net/html) through 2018-09-25 i...
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P5 - None : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/216020/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-09 07:07 UTC by Karol Babioch
Modified: 2018-10-09 07:08 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Karol Babioch 2018-10-09 07:08:07 UTC
There are no actual packages built with this:

$ osc whatdependson openSUSE:Factory golang-org-x-net-html standard x86_64
golang-org-x-net-html :
   golang-org-x-tools
$ osc whatdependson openSUSE:Factory golang-org-x-tools standard x86_64
golang-org-x-tools :