| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| publicsuffix.patch | avoid download on build time; use data from "publicsuffix" package. | Dmitry Smirnov <onlyjob@debian.org> | not-needed | 2019-12-30 | ||
| CVE-2021-31525.patch | [PATCH] http/httpguts: remove recursion in HeaderValuesContainsToken Previously, httpguts.HeaderValuesContainsToken called a function which could recurse to the point of a stack overflow when given a very large header (~10MB). Credit to Guido Vranken who reported the crash as part of the Ethereum 2.0 bounty program. Fixes CVE-2021-31525 Fixes golang/go#45710 |
Katie Hockman <katie@golang.org> | no | 2021-04-23 | ||
| CVE-2021-33194.patch | html: ignore templates nested within foreign content Fixes #46288 Fixes CVE-2021-33194 |
Nigel Tao <nigeltao@golang.org> | no | 2021-04-18 |