[Bug 2039848] [NEW] Go is two point versions behind

Edu Gómez Escandell 2039848 at bugs.launchpad.net
Thu Oct 19 14:12:39 UTC 2023 

Public bug reported:

The packaged go executable is currently at version 1.21.1

There have been two new releases since, both related to security issues.

- go1.21.2 (released 2023-10-05) includes one security fixes to the
cmd/go package, as well as bug fixes to the compiler, the go command,
the linker, the runtime, and the runtime/metrics package.

- go1.21.3 (released 2023-10-10) includes a security fix to the net/http
package.

As such, all packages that depend on golang-1.21 are now exposed to
these vulnerabilities.

** Affects: golang-1.21 (Ubuntu)
     Importance: High
         Status: New

** Description changed:

- The package go executable is currently at version 1.21.1
+ The packaged go executable is currently at version 1.21.1
  
  There have been two new releases since, both related to security issues.
  
  - go1.21.2 (released 2023-10-05) includes one security fixes to the
  cmd/go package, as well as bug fixes to the compiler, the go command,
  the linker, the runtime, and the runtime/metrics package.
  
  - go1.21.3 (released 2023-10-10) includes a security fix to the net/http
  package.
  
  As such, all packages that depend on golang-1.21 are now exposed to
  these vulnerabilities.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to golang-1.21 in Ubuntu.
https://bugs.launchpad.net/bugs/2039848

Title:
  Go is two point versions behind

Status in golang-1.21 package in Ubuntu:
  New

Bug description:
  The packaged go executable is currently at version 1.21.1

  There have been two new releases since, both related to security
  issues.

  - go1.21.2 (released 2023-10-05) includes one security fixes to the
  cmd/go package, as well as bug fixes to the compiler, the go command,
  the linker, the runtime, and the runtime/metrics package.

  - go1.21.3 (released 2023-10-10) includes a security fix to the
  net/http package.

  As such, all packages that depend on golang-1.21 are now exposed to
  these vulnerabilities.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-1.21/+bug/2039848/+subscriptions

More information about the foundations-bugs mailing list