[ubuntu/focal-security] golang-1.20 1.20.3-1ubuntu0.1~20.04.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Thu Jan 11 04:09:52 UTC 2024
golang-1.20 (1.20.3-1ubuntu0.1~20.04.1) focal-security; urgency=medium
  * SECURITY UPDATE: XSS issue
    - debian/patches/CVE-2023-39318.patch: support HTML-like comments in
      script contexts
    - debian/patches/CVE-2023-39319.patch: properly handle special tags
      within the script context
    - CVE-2023-39318
    - CVE-2023-39319
  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285
Date: 2024-01-10 07:00:09.837984+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1~20.04.1