[Bug 1111158] New: VUL-1: CVE-2018-17848: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go

9 Oct 2018


      http://bugzilla.opensuse.org/show_bug.cgi?id=1111158


            Bug ID: 1111158
           Summary: VUL-1: CVE-2018-17848: The html package (aka
                    x/net/html) through 2018-09-25 in Go mishandles
                    <math><template><mn><b></template>, leading to a
                    "panic: runtime error" (index out of range) in
                    (*insertionModeStack).pop in node.go
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: Other
               URL: https://smash.suse.de/issue/216020/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: kbabioch@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2018-17848

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17848
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17848.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1111158] New: VUL-1: CVE-2018-17848: The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go

bugzilla_noreply＠novell.com