[Buildroot] [PATCH v1 1/1] package/go: security bump to version 1.19.8
Peter Korsgaard
peter at korsgaard.com
Wed Apr 5 20:18:19 UTC 2023
>>>>> "Christian" == Christian Stewart <christian at paral.in> writes:
> go1.19.8 (released 2023-04-04) includes security fixes to the go/parser,
> html/template, mime/multipart, net/http, and net/textproto packages, as well as
> bug fixes to the compiler, the linker, the runtime, and the time package.
> Fixes security vulnerabilities:
> go/parser: infinite loop in parsing (CVE-2023-24537)
> html/template: backticks not treated as string delimiters (CVE-2023-24538)
> net/http, net/textproto: denial of service from excessive memory
> allocation (CVE-2023-24534)
> net/http, net/textproto, mime/multipart: denial of service from excessive
> resource consumption (CVE-2023-24536)
> https://go.dev/doc/devel/release#go1.19.8
> https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved
> Signed-off-by: Christian Stewart <christian at paral.in>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list