{"id":"MGASA-2017-0019","summary":"Updated golang package fixes security vulnerability","details":"The net/http package's Request.ParseMultipartForm method \nstarts writing to temporary files once the request body size \nsurpasses the given \"maxMemory\" limit. It was possible for an \nattacker to generate a multipart request crafted such that the \nserver ran out of file descriptors.\n","modified":"2026-04-16T04:27:33.541297Z","published":"2017-01-14T21:05:17Z","references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0019.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19938"}],"affected":[{"package":{"name":"golang","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/golang?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.4-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0019.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}