[ubuntu/jammy-security] golang-1.21 1.21.1-1~ubuntu22.04.3 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Jul 9 12:16:08 UTC 2024
golang-1.21 (1.21.1-1~ubuntu22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45288.patch: update bundled golang.org/x/net/http2
- CVE-2023-45288
* SECURITY UPDATE: leak sensitive information
- debian/patches/CVE-2023-45289.patch: net/http, net/http/cookiejar:
avoid subdomain matches on IPv6 zones
- CVE-2023-45289
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2023-45290.patch: net/textproto, mime/multipart:
avoid unbounded read in MIME header
- CVE-2023-45290
* SECURITY UPDATE: panic on unknown public key algorithm
- debian/patches/CVE-2024-24783.patch: crypto/x509: make sure pub key
is non-nil before interface conversion
- CVE-2024-24783
* SECURITY UPDATE: panic on handling special characters
- debian/patches/CVE-2024-24784.patch: net/mail: properly handle
special characters in phrase and obs-phrase
- CVE-2024-24784
* SECURITY UPDATE: template injection issue
- debian/patches/CVE-2024-24785.patch: html/template: escape additional
tokens in MarshalJSON errors
- CVE-2024-24785
* SECURITY UPDATE: denial of service issue
- debian/patches/CVE-2024-24789.patch: archive/zip: treat truncated
EOCDR comment as an error
- debian/source/include-binaries: Add zip testdata file
- CVE-2024-24789
* SECURITY UPDATE: incorrect IPv4-mapped IPv6 addresses issue
- debian/patches/CVE-2024-24790.patch: net/netip: check if address is
v6 mapped in Is methods
- CVE-2024-24790
Date: 2024-07-08 13:20:31.697397+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu22.04.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list