[Bug 2015339] [NEW] Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Shengjing Zhu
2015339 at bugs.launchpad.net
Wed Apr 5 10:51:34 UTC 2023
Public bug reported:
Please sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Changelog entries since current lunar version 1.20.2-1:
golang-1.20 (1.20.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.3
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <zhsj at debian.org> Wed, 05 Apr 2023 02:04:08 +0800
** Affects: golang-1.20 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.20 in Ubuntu.
https://bugs.launchpad.net/bugs/2015339
Title:
Sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Status in golang-1.20 package in Ubuntu:
New
Bug description:
Please sync golang-1.20 1.20.3-1 (main) from Debian unstable (main)
Changelog entries since current lunar version 1.20.2-1:
golang-1.20 (1.20.3-1) unstable; urgency=medium
* Team upload
* New upstream version 1.20.3
+ CVE-2023-24537: go/parser: infinite loop in parsing
+ CVE-2023-24538: html/template: backticks not treated as string delimiters
+ CVE-2023-24534: net/http, net/textproto: denial of service from excessive
memory allocation
+ CVE-2023-24536: net/http, net/textproto, mime/multipart: denial of
service from excessive resource consumption
-- Shengjing Zhu <zhsj at debian.org> Wed, 05 Apr 2023 02:04:08 +0800
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.20/+bug/2015339/+subscriptions
More information about the foundations-bugs
mailing list